What are the IT security risks from ex-employees?
Ex-employees are probably the most commonly overlooked cyberthreat, and therefore one of the most dangerous.
A recent survey of UK and US workers found that 1 in 3 ex-employees had access to company data. This is especially worrying in a post-GDPR world where companies have a legal obligation to safeguard personal information.
Whether through malicious intent or simple carelessness, your former employees can cause the kind of data breaches that could ruin your company’s reputation and cost you a fortune in fines. Luckily, a few basic precautions can help significantly reduce the IT security risks from ex-employees.
The most obvious way in which former employees can access company data is through the ongoing use of old passwords, so it is vital that you change every password that the employee had. These new passwords should be impossible to guess. If you’ve been using a number sequence for regular password changes, don’t simply continue the pattern.
You shouldn’t wait until the employee actually leaves to do this; if they have been sacked, you should do it as soon as that happens. This removes the threat of a disgruntled employee acting maliciously in their final days.
As part of our IT support, Akita has procedures in place to lock employees out as soon as we are notified that they have been dismissed.
Most employees will have a company email account. This can present a problem as you may wish to keep the account open in case it receives emails containing possible business leads. However, you do not want the employee to have access to the account as this would allow them to send emails on behalf of the company.
The best option is to change the password and then redirect the account’s emails to the account of a current employee. After a few months, emails to the old account should tail off and then you can delete it permanently.
Mobile Device Management (if in use) can also be used to remotely remove any email accounts set up on the former employee’s phone. This means any sensitive work emails can be removed from the device without needing to have the device in hand.
Download of data
Perhaps the most serious threat posed by an ex-employee is the theft of sensitive data. This is every employer’s nightmare, but there are ways to reduce the risk.
A good rule of thumb is to restrict each employee’s data access to the information that is strictly necessary for them to do their job. This will reduce the breadth of potential data theft, and make it easier to find the culprit if it does happen.
If an employee is known to be disgruntled, you should pay close attention to their activity in the days before they leave. This will give you a better chance of stopping data theft before it happens.
Akita can also work with you to put in place other safeguards: data downloads from CRM and ERP systems can be restricted, file transfers blocked and the use of USB storage devices deactivated.
To discuss ways to eliminate IT security risks from ex-employees, or to arrange a comprehensive IT security review, please get in touch.