Comment Re:Why do VPN users have access to this much data? (Score 1) 50
Of course it can be leaked. 1 screenshot at a time. But there is no reason that they should be able to dump data on 800k employees and 2 million + customers.
That should have taken someone a lifetime, one screenshot at a time.
The HR department does not need access to the customer records. The HR department does not need access to bulk information. The application developer pool should not have access to the live production database from a remote location. The developer should be given access to a sanitised database clone. There is zero reason they should be working on the full dataset.
As for your DBA, it depends on how mission-critical and how sensitive your data is. You are talking about a company that has 800,000 employees. I'm sorry, but they should have a DBA sitting on site 24/7. Outside of that, though, why couldn't they have 2-factor authentication? Compromising a network SHOULD NOT give you access to everything. They should have been running Kerberos with highly controlled access levels.
You can't remove all risks. But those should be actively minimised.