Data breaches by former employees do not gain as much media exposure as those caused by cybercriminals. However, these insider attacks can pose a significant threat to companies’ data as well as their bottom line, as the following examples demonstrate:
Such incidents occur more frequently than you might realize. A 2017 study conducted by Arlington Research found that 20% of the 500 organizations surveyed were the victims of data breaches perpetrated by ex-employees.
A Common Thread
Data breaches caused by former employees often have one thing in common: The ex-employees — no matter whether they were terminated or left on their own — still had access to their former employers’ resources, including applications and computer systems. Surprisingly, companies often know that ex-employees have such access. In the 2017 study, nearly half of the 500 respondents admitted that the accounts of former employees remain active for some time after they leave. Out of that group, 50% said that the ex-employee’s accounts remain active for longer than a day, 25% said the accounts are active for more than a week, and 25% did not know how long former employees’ accounts remain active. Leaving ex-employees’ accounts active is risky. A former employee with a grudge or a desire to steal proprietary data might try to take advantage of this access.
What You Can Do to Protect Your Business
To protect against data breaches caused by ex-employees, you can follow a three-step strategy.
The first step is to deactivate the ex-employee’s account so it can no longer be used. A current employee can then be granted access to the ex-employee’s electronic files to minimize the impact on the business.
The second step is purging your computer systems of existing old accounts. This includes identifying and removing the user accounts of former employees and removing their memberships in group accounts. If a former employee had access to a particularly sensitive account (e.g., an administrative account), you should also consider changing its password, since the former employee may still know it.
The third step is preventing the accumulation of old accounts in the future. An effective approach is to set up a process for deprovisioning former employees’ user accounts and their group memberships immediately after they leave. Plus, it is a good idea to set up an account provisioning process that follows the principle of least privilege (i.e., limiting employees’ access to the minimal level that will allow them to perform their job duties). This will help limit the potential damage of a data breach caused by insiders, such as employees who know they will be quitting soon and want to steal data or wreak havoc beforehand.
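The following script is an added example, not part of the original article, showing how the three steps above look in an Active Directory environment using the RSAT ActiveDirectory module: it disables and password-resets the departing user, strips group memberships, parks the object in a quarantine OU, and reports enabled accounts that have been inactive for 90 days. The user name jdoe, the OU 'OU=Disabled Users,DC=example,DC=com' and the 90-day window are assumptions.

```powershell
# Added example (not from the article). Assumed: RSAT ActiveDirectory module,
# sample user 'jdoe', quarantine OU below, and a 90-day inactivity window.
Import-Module ActiveDirectory

function Disable-FormerEmployee {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $DisabledOu = 'OU=Disabled Users,DC=example,DC=com'   # assumed OU
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

    # Step 1: deactivate the account so it can no longer be used to sign in.
    Disable-ADAccount -Identity $user

    # Also reset the password to a random value the departing person does not
    # know, so the credential is useless even if the account is later re-enabled.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $newPass = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPass

    # Step 2: remove every group membership so the account inherits no permissions.
    # 'Domain Users' is the primary group and cannot be removed this way.
    Get-ADPrincipalGroupMembership -Identity $user |
        Where-Object { $_.Name -ne 'Domain Users' } |
        ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $user -Confirm:$false }

    # Record when the off-boarding happened, then move the object to a
    # quarantine OU so it is easy to find and delete after the retention period.
    Set-ADUser -Identity $user -Description ("Off-boarded {0:yyyy-MM-dd}" -f (Get-Date))
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOu
}

function Find-StaleEnabledAccounts {
    param([int] $Days = 90)
    # Step 3 (ongoing control): list enabled user accounts nobody has logged on
    # with for $Days days; these are candidates for the purge in step 2.
    Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($Days)) -UsersOnly |
        Where-Object { $_.Enabled } |
        Select-Object SamAccountName, LastLogonDate, DistinguishedName
}

Disable-FormerEmployee -SamAccountName 'jdoe'
Find-StaleEnabledAccounts -Days 90 | Format-Table -AutoSize
```

Run the script from an account with rights to modify users in the relevant OUs; the stale-account report should be reviewed on a schedule rather than once, since it is the check that catches accounts the off-boarding process missed.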
An Important but Time-Consuming Endeavor
Making sure that former employees cannot access your business’s data and systems is important. While purging old accounts might not take too long, setting up and managing the provisioning and deprovisioning processes can be time-consuming.
With PC Corp Fully Managed I.T. Services, many of these processes are already in place. When an employee leaves your organization, our off-boarding procedures ensure that employee access to your business systems is discontinued and all the employee’s accounts within your environment are closed.