Wait and see
However, some companies may choose to wait and see whether the employee is deliberately acting maliciously and whether others are involved.
It is not just their own staff that companies need to monitor – they must also ensure external contractors are monitored.
Vulnerability consultant Chris Clemson gives an example: “A Manchester-based internet company was having trouble with a contractor claiming that the IP belonged to him, and that if he didn’t get a pay rise, the firm would not be allowed to use his software. The company told him to go away, and he then proceeded to delete all the backups and uninstall MySQL, Apache, and so on, from its servers.
“Luckily, the dozy person did not realise that the bash command ‘history clear’ doesn’t actually delete the bash history file, so I managed to get evidence of all his ‘rm …’