Can ex-employees sabotage your IT assets at their will?

Ajit Singh
| Time 4 min read| Updated On - December 27, 2022


There are many reports of ex-employees trying to sabotage the IT assets of the organization through unauthorized access and misuse of data. There are also many instances of ex-employees using critical data related to their past work for reference purposes (usually in their current organization or for a new job search) without being concerned about the security issues, or without actually realizing them. Though no evidence is available, many security experts believe that some of the notorious data theft cases reported in newspapers are caused by ex-employees or by insiders of the organization. So vulnerability to the ire of ex-employees who hold a grudge against them is a matter of serious concern for organizations. Here is an interesting story I read on Spiceworks recently.

Why do ex-employees become a security challenge?

Mainly there are two reasons why the ex-employees become harmful to the security of the organization:

  1. Attempt of revenge
  2. Use of critical data for personal gains
  3. Casual attitude and lack of awareness about the security issues

How do they access the network when they are outside the organization?

Attacks by ex-employees can be regarded as insider attacks. It is through ‘remote access’ that ex-employees connect to the organization’s network. Intruders use their past login credentials or the credentials of a colleague (stolen, or shared with them), and the cloud assets of the organization are universally accessible to those who have the credentials. Ex-employees who have details of inactive user and computer accounts in the network can also use such accounts to intrude into the network.

What are the loopholes that expose the organization to attacks?

Many organizations fail to withdraw the remote access facility when an employee leaves or is about to leave. Though IT departments do not allow sharing of login credentials, many employees and their peers do this for the sake of convenience, trusting their colleagues blindly. If the password changing policy of the organization is too strict, some employees may develop a habit of noting the password somewhere near their workstation, making it vulnerable to theft. Those who leave the organization can use these shared or stolen credentials for unauthorized access. A similar thing can happen when employees follow a known pattern for their passwords.

How dangerous are the security challenges posed by ex-employees?

As in the case of all other cyber-attacks, the lethality of an ex-employee attack depends on the type of privileges the account has at the time of the attack. It also depends on the attacker's IT skills, intentions, and the duration of the attack.

  • What makes it more dangerous?
    Ex-employees are familiar with the IT infrastructure of the organization. They know about the security loopholes, naming conventions, password habits, permissions, privileges etc. So they can intrude into the organization’s network without much effort.
  • What makes it less dangerous?
    Mostly, outraged ex-employees act impulsively and do not plan meticulously. In most cases they are driven by a feeling of revenge, and not by extreme intentions of crime or fraud. They act solo and usually don’t conspire. They may not be as skilled as professional cyber criminals either.

How can you be prepared against security threats from ex-employees?

There are many ways by which organizations can avoid insider attacks. They can do this without affecting productivity and without creating a trust deficit with their employees. Here are some suggestions:

  1. Do not encourage employees to share their login credentials with others. Also, enforce a password change policy so that it will be difficult for ex-employees to guess or steal passwords.
  2. Provide remote access facility according to the business requirements only. Monitor remote accesses and limit their timings and duration. Make sure that this facility is withdrawn when the employee leaves. Be careful with cloud access credentials too.
  3. Strip off the privileges and disable the user account used by the employee when he leaves. Later delete it as per the organization’s policy.
  4. Disable inactive user and computer accounts, move them to a separate Organizational Unit, and later delete them. For this, use professional Active Directory cleanup solutions like Lepide Active Directory Cleaner if required.
  5. Have a procedure in place to manage the employee exit. Take extra effort to make sure that the employer-employee relations are good even at the time of exit. If possible, provide some support to the employee to move ahead.
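
Suggestions 3 and 4 can be scripted with the ActiveDirectory PowerShell module. The script below is an added example, not code from this blog or from Lepide; the OU path, the 90-day threshold, the parameter names and the helper function name are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumed values: the OU path, the 90-day threshold and the
# English default primary group name 'Domain Users'.
param(
    [string[]]$Leaver = @(),          # sAMAccountNames of departing employees
    [int]$InactiveDays = 90,
    [string]$QuarantineOU = 'OU=Disabled-Pending-Delete,DC=example,DC=com',
    [switch]$Apply                    # omit to get a -WhatIf dry run
)
$whatIf = -not $Apply
$stamp  = Get-Date -Format 'yyyy-MM-dd'

# Hypothetical helper: disable, strip groups, annotate, move to the holding OU.
function Move-AccountToQuarantine {
    param($Account, [string]$Reason)
    Disable-ADAccount -Identity $Account.DistinguishedName -WhatIf:$whatIf
    if ($Account.ObjectClass -eq 'user') {
        # Strip privileges: drop every group except the primary group,
        # which Remove-ADGroupMember cannot remove.
        Get-ADPrincipalGroupMembership -Identity $Account.DistinguishedName |
            Where-Object Name -ne 'Domain Users' |
            ForEach-Object {
                Remove-ADGroupMember -Identity $_ -Members $Account.DistinguishedName `
                    -Confirm:$false -WhatIf:$whatIf
            }
    }
    # Record why and when, so later deletion can follow the retention policy.
    Set-ADObject -Identity $Account.DistinguishedName `
        -Description "Disabled ${stamp}: $Reason" -WhatIf:$whatIf
    Move-ADObject -Identity $Account.DistinguishedName `
        -TargetPath $QuarantineOU -WhatIf:$whatIf
}

# Suggestion 3: accounts of employees who are leaving.
foreach ($name in $Leaver) {
    Move-AccountToQuarantine (Get-ADUser -Identity $name) 'employee exit'
}

# Suggestion 4: enabled user and computer accounts with no recent logon.
Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) |
    Where-Object { $_.Enabled -and $_.ObjectClass -in 'user', 'computer' } |
    ForEach-Object { Move-AccountToQuarantine $_ "inactive > $InactiveDays days" }
```

Run it without -Apply first and review the dry-run output, so that service accounts that rarely log on interactively can be excluded before anything is changed. The last-logon value that AD replicates between domain controllers can lag by up to about two weeks, so keep the inactivity threshold well above that.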

Blog Summary

Workplace productivity is very much dependent on the relation between the employer and the employee. But there are some unfortunate situations in which that relation becomes worse, and organizations cannot predict how the employee is going to respond afterwards. A little tact, diplomacy, and precaution can help organizations secure their IT assets from the fury of discontented employees.
