Imagine the situation...
You employ a bright, talented person for a summer job.
They are helping with stock inventory and a bit of purchasing and because of this have access to your internal system, which can be accessed remotely. They have a bit of knowledge about social media so you add them to your socials so they can help there as well. You don’t want to give them a company device as they are only there for a short while, so they use their own device to log in when required.
And they then leave. Which is what you expected.
But… you don’t remove their access to your systems, or maybe you don’t realise the extent of the systems you have given them access to and only remove some.
There could be two scenarios:
1. The staff member didn’t leave voluntarily.
They are angry and want to pay you back for not seeing them as the “must have” employee they certainly are.
They realise that they still have access to your social media accounts and decide to have a rant on there, describing in all the gory details how bad an employer you are, along with insulting your customers and suppliers. That might be a blow to your reputation.
2. The staff member left as expected on good terms, but they were lax with their own cyber security.
They reused their password across your systems and their personal accounts, one of which was in a data breach. Cyber criminals obtain a list with their email account (they used your company one for some reason) and try their password on your systems. You haven’t got around to enabling 2FA yet, so the criminal is in.
What will they do now?
Data theft, ransomware, malware? The possibilities are bound to have a criminal rubbing their hands in glee. Oh, and guess what, you added them as an admin so that means the criminal can virtually do as they wish.
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the aim of increasing cyber resilience of SMEs within the East of England.
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Policing led - business focussed