Community
This case is just the latest example of how “trusted insiders” can pose a risk to an organisation’s data security defences and how they continue to by-pass them altogether, only to get found out when it’s too late. It highlights that while most organisations have invested heavily in securing their systems from “external” threats, there has been proportionately less investment in mitigating the threat from inside, by implementing robust user activity monitoring and effective control systems.
However, what this scenario also underlines is the importance of user education and getting employees, subcontractors and third party vendors to not only treat company data with the utmost respect, but also to get them to understand that controls and monitoring are in place to identify security gaps and avoid data leakage in the first place.
At the end of the day, no matter what systems and processes a company has in place, if an ‘insider’ wants to steal data, there is a residual risk that they will find a way of doing so. However, they will be disinclined to attempt data theft if they know that they are likely to be found out; either before the event (through automatic alert generation) or after the event (through forensic examination of user activity logs).
Through such user activity monitoring, Computershare may well have avoided the litigation costs and reputational damage associated with this recent case.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Eimear Oconnor COO at Form3 Financial Cloud
07 November
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
06 November
Konstantin Rabin Head of Marketing at Kontomatik
Alexander Boehm Chief Executive Officer at PayRate42
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.