Data breaches instigated by former employees do not gain as much media exposure as those caused by cybercriminals. However, these insider attacks can pose a significant threat to companies’ data as well as their bottom line, as the following examples demonstrate:
Such incidents occur more frequently than you might realize. A 2017 study conducted by Arlington Research found that 20% of the 500 organizations surveyed were the victims of data breaches perpetrated by ex-employees.
Data breaches caused by former employees often have one thing in common: The ex-employees — no matter whether they were terminated or left on their own — still had access to their former employers’ resources, including applications and computer systems.
Surprisingly, companies often know that ex-employees have such access. In the 2017 study, nearly half of the 500 respondents admitted that the accounts of former employees remain active for some time after they leave. Out of that group, 50% said that the ex-employee’s accounts remain active for longer than a day, 25% said the accounts are active for more than a week, and 25% did not know how long former employees’ accounts remain active.
Leaving ex-employees’ accounts active is risky. A former employee with a grudge or a desire to steal proprietary data might try to take advantage of this access.
To protect against data breaches caused by ex-employees, you can follow a two-step strategy. The first step is purging your computer systems of existing old accounts. This includes identifying and removing the user accounts of former employees and removing their memberships in group accounts. If a former employee had access to a particularly sensitive account (e.g., an administrative account), you might also consider changing the password to it.
The second step is preventing the accumulation of old accounts in the future. An effective approach is to set up a process for deprovisioning former employees’ user accounts and their group memberships immediately after they leave. Plus, it is a good idea to set up an account provisioning process that follows the principle of least privilege (i.e., limiting employees’ access to the minimal level that will allow them to perform their job duties). This will help limit the potential damage of a data breach caused by insiders, such as employees who know they will be quitting soon and want to steal data or wreak havoc beforehand.
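
As an added illustration of the first step (not part of the original article and not a CHIPS tool), the Python sketch below cross-checks an HR departure list against a directory export and reports every former employee who still has an enabled account, leftover group memberships, or access to a shared administrative account whose password should be changed. The CSV column names and sample rows are constructed assumptions; adapt them to whatever your HR system and directory actually export.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR departure list and a directory export (assumed columns).
HR_DEPARTURES = """employee_id,last_day
1001,2024-03-01
1002,2024-03-10
1003,2024-02-15
1005,2024-01-05
"""
DIRECTORY_EXPORT = """employee_id,username,enabled,groups,shared_admin_accounts
1001,jdoe,true,staff;finance,
1002,asmith,false,vpn-users,
1003,bwong,true,staff;domain-admins,backup-admin
1004,cnguyen,true,staff,
1005,dlee,false,,
"""

def split(field):
    return [v for v in field.split(";") if v]

def audit(hr_csv, directory_csv, today):
    """Return one finding per departed employee whose access was not fully removed."""
    last_day = {r["employee_id"]: date.fromisoformat(r["last_day"])
                for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(directory_csv)):
        left = last_day.get(acct["employee_id"])
        if left is None or left > today:
            continue  # current employee, or last day has not arrived yet
        enabled = acct["enabled"].strip().lower() == "true"
        groups = split(acct["groups"])
        shared = split(acct["shared_admin_accounts"])
        if enabled or groups or shared:  # anything left over is a finding
            findings.append({
                "username": acct["username"],
                "days_since_departure": (today - left).days,
                "disable_account": enabled,
                "remove_from_groups": groups,
                "rotate_passwords": shared,  # shared admin accounts they knew
            })
    return sorted(findings, key=lambda f: -f["days_since_departure"])  # longest exposure first

if __name__ == "__main__":
    for finding in audit(HR_DEPARTURES, DIRECTORY_EXPORT, date(2024, 3, 12)):
        print(finding)
```
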
Making sure that former employees cannot access your business’s data and systems is important. While purging old accounts might not take too long, setting up and managing the provisioning and deprovisioning processes can be time-consuming. To help simplify these processes, you might consider using an access control tool or identity management service. We can recommend the best solution for your business based on your needs.
About CHIPS Computer Services
CHIPS Computer Services is an award-winning Managed Services Provider specializing in helping businesses increase efficiencies and profits by leveraging properly managed technology. To learn how CHIPS can help your business, email us at firstname.lastname@example.org to schedule a no-cost business technology assessment.