Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/functions.php on line 1522

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 20

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 21

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 22

Rouge Employee – Steals Customer Data

Written by Spencer Heckathorn in Blog,Security,Threat

Data Breaches, Stolen Contacts, Stolen Personal Info, Stolen Processes, Deleted Customer Lists on and on…

Something that none of us want to hear, but it happens everyday somewhere someone steals, deletes, loses, or otherwise access data they should not. It is not always due to a rouge employee but that happens a lot, and comprises the majority of incidents I have seen at small to medium sized businesses, with those that have 2-40 really seeming to be a sweet spot. It’s like before you are a cretin size it doesn’t happen. So you don’t think about it and how to mitigate the risk.

(setup a google alert for “data breach”) Sorry to all of those looking for some juicy bits it didn’t happen here (fingers crossed), but I will tell you about where it did happen.

Take the data and Delete the email Rouge Employee in real life

One of our customers called in a panic about 3 years ago, an employee, that thought he saw greener pastures on the other side, took the companies complete customer list and deleted all of his emails upon leaving. This was devastating in many ways to the company. Not only was their customer list out “in the wild” but they could not finish the jobs and quotes and other support items that this guy had started. They had to email all of the customers they knew he was working with and explain the situation. Then they had to sit with a special kind of anxiety knowing that when a customer would call it could be to complain about “why haven’t I heard from ____” or “why didn’t you guys get me taken care of here” and the worst one “Our crew is here, where are the materials and your crew?” That last one caused some real damage to the tune of $20,000 or more. Eventually things calmed down and after the dust settled it became a lesson well learned and from that point on, no more employee personal email addresses for business stuff. All email is now backed up from each computer, but also each email is automatically duplicated and sent to a central account where the owner can look any time. This came in handy later when they needed to sue someone else for payment on a job. As a trivial side note the guy went to a competitor, but only lasted 2 weeks just enough time for him to enter all the customer data in their system, they let him go for fear he would do the same… My customer estimates he only lost about 5% of business from that débâcle.

The solution is Simple

Now I will not go into all of the possible scenarios and details of how you can protect yourself in this post because it would just be a long (tldr) post. However, I will tell you I heard some great advice that has me thinking about this a lot more. A question was asked of a busi0ness mentor: “How do I find employees I can Trust?” I thought I was going to hear something long and drawn out about how to evaluate someone, and how it is important to “get to know” someone so you don’t end up with that rouge employee, but what I heard was so simple it was shocking and it drew things into perspective.

You can’t find employees you can trust, that’s why you have to build systems

It may not be so obvious to everyone, or you may be saying “I knew that, and have for a long time,” but I was floored by the simplicity and obvious correctness of what was being said. Every instance that I have been called to clear up one of these incidents or to investigate the extent of the damages, no systems were in place.

It’s like before you are a cretin size it doesn’t happen. So you don’t think about it and how to mitigate the risk.

Honestly it doesn’t have that much to do with size, it’s a combination of luck, and other factors. If you don’t have a system in place but you already have 200 employees, you got lucky! But trust me I have been out to those places and it gets very expensive to say, “we have 300 computers, 70 laptops, and 8 servers”, “now figure out how much to clean up the malware and stop our ex-employees from accessing their machines”… Now we are already talking about 10’s of thousands of dollars. Where if they took the time at 50 employees or sooner they wouldn’t have an issue or would have a much better way to deal with anything already in place.

Taking a Different Approach

Start thinking about how to stop the problem before it starts or to minimize the damage and risk. This is in fact where I exit and get to work on this very thing! As I figure it out I will post what I have and we both hopefully can grow from there.

By: Spencer Heckathorn

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts