This blog on the Taylor Wessing content hub is a great read.
I certainly agree that most insider breaches are for personal gain. With so many employees working from home, there may be a perception that they are being monitored less, making them more likely to access, copy or share confidential information. Furthermore, as a direct result of Covid, there will be employees who may be experiencing greater financial pressures, or simply be disengaged with the business; both of these factors can be big drivers for employees to commit fraudulent activities or sell intellectual property.
I think we also have to be considerate to the home working environments of employees too. For instance, they may be working in locations with much less privacy or where conversations can be overheard. And with less access to office systems and support, the likelihood of printing sensitive information, leaving notebooks laying around or copy data to unencrypted USB devices, we are seeing far greater risks when it comes to data.
In respect of the Morrisons case, ensuring that systems and devices and suitably locked down and auditing is in place will aide in reducing risk.
I believe education is key here (isn’t it always) and this education process should be one that is regularly updated and repeated. For example, making training a mandatory quarterly process and ensuring that attendance is tracked and monitored. Training should also ensure that all employees know the correct processes and procedures they must take when faced with any potential data breaches.
In addition to education, having adequate and appropriate policies in place is essential. However, ensuring that policies are shared and understood by employees has to be a priority. As mentioned above, training should be a regularly repeated process for all team members.
When thinking about deliberate data breaches, what usually comes to mind is a faceless external hacker whose identity may remain unknown. But the risk is often far closer to home and can come from employees and former employees.