145 million accounts stolen thanks to use of employees log-in details

-

ebay logo

The reputational damage to eBay could hardly be greater. Every single one of its 15 million British users is being required to change their passwords following a security breach. One would expect that a company as large as eBay would have fairly stringent security measures in place. So what kind of highly sophisticated hacking techniques could have been used to bypass their defences?

Well, it was the work of hackers, but it wasn’t as high-tech an operation as many may assume. The information appears to have been accessed through the use of an employee’s log-in details.

On reflection, this is really not very surprising. After all, a company’s data is only as secure as the employees who are permitted to access it. Every company has data that it needs to protect, and in all cases at least some employees are going to need to have access to that data.

HRreview Logo

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

What eBay’s experience demonstrates is that no matter how technically secure a system is, as long as employees are able to access it, there will be a risk of the data being misused. So employers need to take appropriate steps to reduce the risk of this happening.

The starting point is to ensure that employees are only given access to information that they reasonably need to carry out their duties. If only a limited number of employees can access the most secure data, this greatly reduces the risk of one careless (or malicious) employee compromising the whole system.

As with so many employee issues, it is also important to have clear and comprehensive staff policies governing employees’ access to company systems. This is usually set out in an IT policy, or sometimes in a more specific Systems Resources policy. The policy should inform employees of the need to keep their login details secure and the rules regarding IT usage should be clearly set out.

Where there is a breach of the policy, it should be dealt with as a serious disciplinary issue. This should be the case even where no loss actually occurs as this will help to prevent complacency among staff.

However, no matter how robust a company’s policy is, it’s unlikely to stop an employee who is intent on misusing their login details – perhaps for personal gain. Therefore, it’s equally important for employees’ IT access and usage to be appropriately monitored.

Again, this monitoring of employees should be clearly set out in the policy. It’s entirely reasonable for employers to monitor employees in these circumstances, but if it isn’t highlighted in a policy, employees could raise concerns regarding privacy. Employees are also far less likely to misuse company data if they know that their actions are being monitored.

No company will ever be able to completely eliminate the possibility of staff carelessly or improperly accessing company data. A strong and well administered policy can reduce the risk of this happening. It can also help to identify any wrongdoing at an early stage and this could drastically reduce any damage caused.

Article by Andrew Crudge, Associate, Thomas Eggar LLP

Latest news

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Lucy Standing: Older workers are back in the centre of the hiring debate – ready to lead the response?

For HR leaders, the argument is simple: the people being filtered out of your hiring process are not past their best.
- Advertisement -

One in 10 women quit work after pregnancy loss, report finds

Research suggests inconsistent workplace support following pregnancy loss and maternity leave is contributing to resignations and poorer mental wellbeing.

Fear of becoming obsolete grips workers as AI reshapes careers

More than two in five workers worry their skills could become outdated as AI reshapes hiring demands and increases pressure to keep learning.

Must read

5 myths about digital recruitment

The fast-changing world of apps, social media, video technologies, games and VR is having a dramatic impact on HR processes.  How can we use digital recruitment to our advantage?

Helen Ives: Why charity is HR’s secret weapon

The best people are passionate people. People who are...
- Advertisement -

You might also likeRELATED
Recommended to you