So you’ve clicked the link “read more” and been caught!
OK, so summing up from snippets I’ve been able to read up on; the Employee may (but is contesting that she didn’t) have some Cyber Security training and is also well known within the business to be a troublemaker and gossip. There are other personal factors that had happened within the Employees outside of work life that may have been a distraction to her work focus.
On the Employer side, they were unable to provide evidence of Cyber Security training and it also turns out that they weren’t aware of who in the business has access to what. The biggest issue here is that the Employee had access to the firms current account and able to send funds when she shouldn’t have.
The court rules in favour of the Employee.
- Not having evidence of staff training is a big failure.
- Not knowing who has access to what in the business is a true non-compliance and should be tested and documented.
Contact us today to find out how as little as £3 per month per employee we can discover who the weakest person in your business is and show evidence of suitable training in accordance with ISO 27001 certification. email: firstname.lastname@example.org
Links to the BBC articles:
5th Feb 2019 – https://www.bbc.co.uk/news/uk-scotland-glasgow-west-47135686
7th Feb 2019 – https://www.bbc.co.uk/news/uk-scotland-glasgow-west-47161340
15th Nov 2019 – https://www.bbc.co.uk/news/uk-scotland-glasgow-west-50432294