145 million accounts stolen thanks to use of employees log-in details

-

ebay logo

The reputational damage to eBay could hardly be greater. Every single one of its 15 million British users is being required to change their passwords following a security breach. One would expect that a company as large as eBay would have fairly stringent security measures in place. So what kind of highly sophisticated hacking techniques could have been used to bypass their defences?

Well, it was the work of hackers, but it wasn’t as high-tech an operation as many may assume. The information appears to have been accessed through the use of an employee’s log-in details.

On reflection, this is really not very surprising. After all, a company’s data is only as secure as the employees who are permitted to access it. Every company has data that it needs to protect, and in all cases at least some employees are going to need to have access to that data.

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

What eBay’s experience demonstrates is that no matter how technically secure a system is, as long as employees are able to access it, there will be a risk of the data being misused. So employers need to take appropriate steps to reduce the risk of this happening.

The starting point is to ensure that employees are only given access to information that they reasonably need to carry out their duties. If only a limited number of employees can access the most secure data, this greatly reduces the risk of one careless (or malicious) employee compromising the whole system.

As with so many employee issues, it is also important to have clear and comprehensive staff policies governing employees’ access to company systems. This is usually set out in an IT policy, or sometimes in a more specific Systems Resources policy. The policy should inform employees of the need to keep their login details secure and the rules regarding IT usage should be clearly set out.

Where there is a breach of the policy, it should be dealt with as a serious disciplinary issue. This should be the case even where no loss actually occurs as this will help to prevent complacency among staff.

However, no matter how robust a company’s policy is, it’s unlikely to stop an employee who is intent on misusing their login details – perhaps for personal gain. Therefore, it’s equally important for employees’ IT access and usage to be appropriately monitored.

Again, this monitoring of employees should be clearly set out in the policy. It’s entirely reasonable for employers to monitor employees in these circumstances, but if it isn’t highlighted in a policy, employees could raise concerns regarding privacy. Employees are also far less likely to misuse company data if they know that their actions are being monitored.

No company will ever be able to completely eliminate the possibility of staff carelessly or improperly accessing company data. A strong and well administered policy can reduce the risk of this happening. It can also help to identify any wrongdoing at an early stage and this could drastically reduce any damage caused.

Article by Andrew Crudge, Associate, Thomas Eggar LLP

Latest news

England’s overnight World Cup clash and 5am pub opening prompt CIPD advice

The CIPD is urging organisations to agree any flexibility before England's 1am World Cup last-16 tie to help minimise disruption at the start of the working week.

Russell Cowley: Gen Z – rebuilding workplace culture, break by break

Gen Z workers are taking proper breaks and in doing so, they may be fixing something the rest of us broke.

Fit for Work: Weekend warrior? You can still reap the health benefits

Weekend exercise can still improve long-term health, even for people who struggle to fit physical activity into the working week.

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.
- Advertisement -

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Must read

Alex Wilke: Moving on from the annual employee engagement survey

Annual employee engagement surveys are a regular event at...

Book review: The Wellness Syndrome by Carl Cederström and André Spicer

Health and wellbeing have never been more trendy, but are we taking it all too far?
- Advertisement -

You might also likeRELATED
Recommended to you