People Are the Risk, Not Just IT

30 July 2015

If you think your organisation is safe because you are spending a six figure sum on IT, then think again.

A former employee of Morrisons was recently jailed for a data leak. He was found guilty of leaking personal data relating to around 100,000 of the company’s staff. This wasn’t cyber fraud or a hack. This was a disgruntled employee. He uploaded information including employees’ names, addresses and bank account detail onto internet sites.

We must not get carried away with technology and believe that technology alone can safeguard us; we need to get back to basics and look at our staff. They are biggest asset and at the same time our biggest threat; particularly departing employees.

Good Leavers can carry much good will about the company and act as ambassadors of their former firm. Disgruntled ones can cost us millions – literally - as it is estimated to have cost Morrisons £2million to deal with the leak.

Morrisons won’t be the first or last to suffer from this type of incident but we can all learn from it. Reputation resilience requires businesses to implement a Reputation Management System to ensure there is a process for identifying and managing reputation risks. By building resilience into their operations and processes, businesses will be in a stronger position to identify suspicious activity – such as an employee accessing the data of 100,000 staff – and in doing so, employ containment measures to prevent such information from entering the public domain.

Receive our monthly newsletter

About the Author

Rachel Atkins


A specialist in safeguarding the reputations of prominent individuals and businesses, Rachel couples her experience in media law with a detailed knowledge of reputation threats that emanate from non-media sources.

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.