While all of the facts haven’t yet come to light, Tesla looks like it might be in a bad situation due to an employee’s actions. This employee (who was disgruntled, concerned, or both) claims to have provided outside sources with proof that the company has installed thousands of damaged battery packs in Model 3 vehicles in order to get them out the door. The company is facing tremendous pressure to get the Model 3 to customers, and any proof that they’ve sacrificed quality or safety in the process will subject the company to very negative press at a critical time in its history.
This story isn’t just a great read, it’s a great reminder. For all of the hard work most companies do to prevent malware, network exploits or other security holes from opening up their network to external criminals, the greatest threat is often still inside of the walls. Research from IBM indicates that 60% of all network attacks are facilitated or carried out by insiders.
Employees have to be able to access and modify data in order to do their jobs. Every piece of data they can access is something they can share, however, and every piece of data they can modify is something they can delete. These things can certainly be intentional, but they don’t have to be – people delete critical files by accident all the time. In fact, that same IBM study found that 25% of insiders who were responsible for attacks had no idea they were facilitating an attack.
This isn’t a reason to lock down your data so employees can’t do their job. It’s about making sure that your data policies make sense. Is all your data backed up? Are there measures in place to prevent employees from accessing business data that doesn’t impact their work in any way? Is data access audited periodically to make sure previous employees don’t still have credentials to access data, or employees who changed jobs don’t have access to data that’s no longer relevant to them? While this can be tedious if it’s handled manually, it’s important, because these factors represent clear threats to your data integrity and security.
To learn how WingSwept can help your company achieve more (and protect its data!) call us at 919-779-0954 or email us at Team_WingSwept@WingSwept.com.