Is Your Greatest Cyber Risk “Inside the Building”…?

Most organisations focus their cyber security efforts on fortifying their networks against external attackers. However, firewalls, endpoint protection, and threat intelligence feeds don’t matter if someone on the inside simply hands over the keys to your data.

Fresh research suggests that a worrying number of employees are prepared to do exactly that.

A Workplace Fraud Trends study by Cifas has revealed that around one in eight UK employees have either sold company login details in the past year or personally know someone who has done so. 

The results were even more alarming when it came to who was most likely to justify this behaviour…

Surprising Seniority

It wasn’t disgruntled junior staff.  Rather, the research points squarely at senior leadership. As reported by Infosecurity magazine, 32% of senior managers, 36% of directors, 43% of executives, and an astonishing 81% of business owners believe that selling access to company systems can be acceptable in certain circumstances.

Cyber security professionals know that’s not true. Once an outsider has a legitimate set of credentials, they effectively become an insider, inheriting the same trust, permissions, and ability to move through systems undetected. 

That’s a cybercriminal jackpot.

A valid username and password is the most efficient bypass of every security control your IT team has painstakingly put in place. That’s why every employee - regardless of seniority - must understand the importance of keeping their system access credentials confidential.

However, with economic uncertainty, job insecurity, automation anxiety, and rising living costs, the temptation to make a quick buck by selling credentials is likely to grow. 

That’s why organisations need to put in place technical safeguards to backstop the trust they put in their employees. 

Technical Safety Net

Managed File Transfer (MFT) acts as a powerful safety net when insider behaviour becomes a threat. Even if an attacker gains a valid username and password, an MFT platform forces all file movement through a tightly controlled, policy‑driven channel. Every transfer is authenticated, encrypted, logged, and monitored, which means stolen credentials alone don’t grant free‑form access to sensitive data. 

Automated workflows, IP restrictions, device‑fingerprinting, and multi‑factor requirements create friction that criminals can’t easily bypass, and the audit trail exposes any unusual behaviour instantly. 

As per the phrase Ronald Reagan once popularised, organisations need to “trust, but verify”.  Every employee, from intern to owner, is a potential point of failure if they view their credentials as a commodity.

Local Experts Available

At Generic Systems Australia, we're a global leader in implementing the world's best MFT - Fortra's GoAnywhere. As one of Fortra’s top MFT partners globally, we've helped dozens of Australian and NZ organisations leverage the protection and efficiency offered by GoAnywhere. 

And we're right here in Australia, ready to share our deep expertise with you.