Whilst data breaches by cybercriminals receive the most exposure, it’s insider attacks by former employees that pose a significant threat to your business data. Take these examples:
- The co-owner of an engineering firm gained access to the servers of his former employer, and to the email of a former colleague. Over a two-year period, he managed to steal proprietary business data worth around $425,000 (USD).
- After switching jobs, a man found he still had access to his former employer’s servers. He wreaked havoc for eight months, deleting files and even managing to shut down the former company’s trading system. He caused estimated losses of more than $10,000.
- In a malicious attack, a man who had been asked by his former healthcare employer to resign gained access to 13 of their servers. He disabled admin accounts, deleted business data including patient medical records, and caused losses in excess of $5,000.
These are not isolated incidents. They occur quite frequently. A 2017 study conducted by Arlington Research found that 20% of the 500 organisations surveyed were the victims of data breaches perpetrated by ex-employees.
Things in Common
Most data breaches performed by former employees had one thing in common: regardless of whether they resigned or were fired, they still had access to their former employer’s IT systems. Equally surprising, some of those businesses knew it. In that 2017 study, almost half the respondents admitted the accounts of former employees remained active for some time after they had left. 50% said the accounts remained active for longer than a day, 25% said the accounts remained active for more than a week, and 25% did not know how long accounts remained active. This is a huge risk. If a former employee has a grudge, or a desire to steal, they might try to take advantage of this access.
Protecting Your Business
Consider this two-step strategy. First, purge your computer systems of existing old accounts. Start by identifying the accounts of former employees, remove their security group memberships, disable the accounts, and then remove them altogether once any retention requirements have passed (disabling first preserves the account’s files and audit trail if you later need to investigate). If a past employee had access to a sensitive account (like an admin account), change its password, and do the same for any shared or service account passwords they knew. Second, prevent the accumulation of old accounts in the future. Create a process for removing user accounts and group memberships immediately after an employee leaves, ideally triggered by the same HR notification that closes their payroll. Also consider a process for provisioning accounts that limits each employee’s access to the minimum level that allows them to perform their duties. This reduces the potential damage from a data breach caused by employees who know they might be leaving soon and want to be malicious beforehand.
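The following script is an added illustration of the first step above (it is not from the original article and does not target any particular directory product): it reconciles a directory export against the HR roster to find accounts whose owners have left or that HR knows nothing about, runs a separate dormant-account check to catch leavers HR missed, and produces an ordered offboarding plan per account. The roster, the account list and the set of privileged groups are constructed sample data; in practice they would come from your HR system and a directory export.

```python
"""Find accounts that should have been deprovisioned and plan their removal.

Added example, not from the original article. All data below is constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass
class Account:
    username: str
    groups: List[str]
    last_logon: Optional[date]  # None means the account has never logged on
    enabled: bool = True


# Constructed HR roster: username -> termination date (None if still employed).
HR_ROSTER = {
    "asmith": None,
    "bjones": date(2017, 3, 1),   # resigned
    "cwu": date(2017, 5, 15),     # fired
    "dlee": None,
}

# Constructed directory export.
DIRECTORY = [
    Account("asmith", ["Staff", "Finance"], date(2017, 6, 1)),
    # Still enabled months after leaving, and has logged on since.
    Account("bjones", ["Staff", "Engineering", "Domain Admins"], date(2017, 4, 20)),
    Account("cwu", ["Staff"], date(2017, 5, 14), enabled=False),
    Account("dlee", ["Staff"], date(2016, 11, 2)),          # employed but dormant
    Account("svc-backup", ["Backup Operators"], None),     # service account, unknown to HR
]

# Assumed set of groups whose members can reach shared admin credentials.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Backup Operators"}


def find_orphaned_accounts(directory: List[Account], roster: dict, today: date) -> List[Tuple[str, str]]:
    """Enabled accounts whose owner has left per HR, or that HR has no record of."""
    findings = []
    for acct in directory:
        if not acct.enabled:
            continue
        if acct.username not in roster:
            findings.append((acct.username, "not on HR roster"))
            continue
        left = roster[acct.username]
        if left is None:
            continue
        reason = f"owner left {(today - left).days} days ago"
        if acct.last_logon is not None and acct.last_logon > left:
            reason += f"; logged on after departure ({acct.last_logon.isoformat()})"
        findings.append((acct.username, reason))
    return findings


def find_dormant_accounts(directory: List[Account], today: date, max_idle_days: int = 90) -> List[str]:
    """Enabled accounts idle for more than max_idle_days; catches leavers HR never reported."""
    cutoff = today - timedelta(days=max_idle_days)
    return [a.username for a in directory
            if a.enabled and (a.last_logon is None or a.last_logon < cutoff)]


def offboarding_plan(acct: Account, privileged_groups: set) -> List[str]:
    """Ordered steps: strip group memberships, disable, rotate shared credentials, delete later."""
    steps = [f"remove {acct.username} from group {g}" for g in acct.groups]
    steps.append(f"disable account {acct.username}")
    for g in sorted(set(acct.groups) & privileged_groups):
        steps.append(f"rotate credentials of shared/admin accounts reachable via {g}")
    steps.append(f"delete account {acct.username} after retention period")
    return steps


if __name__ == "__main__":
    today = date(2017, 6, 30)
    for user, reason in find_orphaned_accounts(DIRECTORY, HR_ROSTER, today):
        print(f"{user}: {reason}")
        acct = next(a for a in DIRECTORY if a.username == user)
        for step in offboarding_plan(acct, PRIVILEGED_GROUPS):
            print("  -", step)
    print("dormant:", find_dormant_accounts(DIRECTORY, today))
```

The two checks are deliberately independent: the roster comparison finds accounts HR knows should be gone, while the dormant-account check finds accounts (including service accounts) that never went through HR at all. A finding that shows a logon after the departure date is the case the examples above describe and should be treated as a potential incident, not just housekeeping.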
Time-Consuming but Worth It
Controlling former employee accounts and access is important. Purging old accounts shouldn’t take too long, but creating a process for the provisioning and deprovisioning of employee accounts can be time-consuming. If you’d like to learn more, call us at Intellect IT.