Nine ways to Prevent Ex-employees from Compromising IT security

Kanika Agarwal by   11.20.2017   Data Security

No one needs to be reminded of the almost daily, high profile media reports of security breaches and their devastating effects. However, little is said about the underlying threat of ex-employees. Everyone likes to think that they are parting with their employees on amicable terms, but who can be sure?

A new study by OneLogin revealed that a significant percentage of businesses fail to adequately protect their networks from potential security threats posed by ex-employees who can access the corporate network, even after leaving the business. Worrying!

Another survey from Ostermann Research on ex-employees revealed that almost 70 % companies had suffered a significant data or knowledge loss from employees who took information resources with them when they left the business. A harsh reality, indeed.

In this blog, I will help you understand how you can lock down your secured network from ex-employees and protect your company from embarrassing data breach incidents.

1. Monitor employee attitude and behavior post-resignation

It is critical to watch over an employee’s actions the moment you agree to part ways (and ideally long before that) Any security incident involving copying sensitive files or changing permissions should raise flags immediately. Lock down privileged access as soon as the employee has declared to leave the company.

2. Eliminate access methods after termination

Insider attacks by ex-employees is a harsh reality. According to CERT data, employees commit insider sabotage most often when they feel that their dismissal was unfair or they are disgruntled in any way. To counter this, revoke system access immediately.

If the user accounts of ex-employees are notified, LepideAuditor can show all permissions of the selected user in Active Directory on any given date. You can also monitor all permission changes across all components including Active Directory, Exchange Server, SQL Server, SharePoint Server, Windows File System, NetApp Filer, and Office 365 (SharePoint Online and Exchange Online). You can also view what users have which permission currently on the shared files and folders.

3. Set up an automated information system

Occasionally there is a break in inter-departmental communication that can lead to IT teams having no knowledge of whether an employee is still with the business or not. This needs to change. IT teams can set up an automated information system to deactivate inactive accounts and change passwords the moment an employee parts (so long as they know when that’s happened).
LepideAuditor also helps you in this scenario with its Active Directory Cleaner module, which handles inactive user accounts and takes action against them automatically at predefined intervals.

4. Establish a security incident response team

Disgruntled employees may attempt to disrupt business operations, delete data and look for any number of ways to harm the organization for personal profit. As a solution, establishing a security incident response team helps you prevent, detect and handle security incidents immediately.

You can equip your Response Team with LepideAuditor to allow them to execute their own customized script upon detecting critical changes. For example, a user account can be disabled if multiple files or folders are being deleted.

5. Protect against unwanted activity

Are there events of file sharing through accounts which belonged to former employees? If yes, you are in danger of an insider attack. The employee, who was earlier part of the system, may have walked out of the front door but left the back door open.

To guard against uninvited guests, monitor user activity and review every single suspicious action or anomaly. LepideAuditor lets you track all user activities across the monitored components and lets you pin-point the culprit of an unwanted change.

6. Don’t forget to guard your perimeter

We would like to believe that when an employee departs the organization, he or she is gone forever. That’s not always the case. A disgruntled employee with working login credentials can easily circumvent the security perimeter and jeopardize business operations.

Don’t assume you have to guard only against external forces. Install a proactive IT auditing solution like LepideAuditor to ensure better internal IT security.

7. Make data encryption a regular activity

Some employees have a strong affiliation with the management even after they depart. However, a few trusted employees may turn malicious and attempt to steal sensitive business information.

In short, your security is always at risk. As a straightforward solution, data encryption works wonders. That way, if someone gets their hands on a backup tape or tries to steal a hard drive from a server, confidential data remains protected.

8. Use temporary accounts

Other than full-time employees, you may have interns or contractors working in your company. These third-party employees work for a limited tenure but may leave the company vulnerable. Instead of allotting expansive rights to such employees, setting up temporary accounts with minimal privileges ensure these accounts are inaccessible after the individual departs.

LepideAuditor helps you track the activities of these temporary accounts in the IT environment and updates you on the creation, deletion or on-time deactivation of such accounts.

9. Remove stale user accounts

Ex-employees are well-aware of the security vulnerabilities existing in your system. To get past the security perimeter, these former employees use unused or stale user accounts and make changes.

As a quick fix, identifying accounts which are inactive for 90 days or more must be deleted right away. Don’t let ex-employees sabotage your secured IT networks. Active Directory Cleaner, part of LepideAuditor, automates this task for you.

Use LepideAuditor to detect unauthorized activity by ex-employees

IT experts suggest that identifying disgruntled employees in the company can help bolster your defenses against budding insider attacks. It is these malicious insiders who find ways to take advantage of relaxed security protocols and valuable sensitive data.

LepideAuditor is one of the easiest ways to protect yourself against these threats. The solution offers predefined reports and real-time alerts that help you create a more secure IT environment. Start your free trial today.


Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All Trademarks Acknowledged.