How To Prevent Ex-employees From Compromising Your Business

How To Prevent Ex-employees From Compromising Your Business

How To Prevent Ex-employees From Compromising Your Business

Ex-employees – the underlying insider threat

More often than not, employees don’t leave the organisation on amicable terms exactly. Ex-employees are more prone to have reason to abuse their access to the company network for malicious conduct. Most businesses fail to competently protect their networks from threats from ex-employees, who may be able to access the corporate network even after leaving the company. This makes the former employees one of the greatest insider threat, yet the easiest to handle. You only need to ensure that deactivating accounts and changing passwords are a mandatory part of the termination process.

Employees may also innocently cause data leakage, especially if they are using non-enterprise solutions like Dropbox to share or store data. Manual termination of accounts will not provide a fool-proof solution. The account termination and data monitoring should be an automated process to ensure that ex-employees do not compromise your business unknowingly or otherwise.

How to prevent ex-employees from threatening your business IT security

Here are some measures to protect your company networks from being compromised because of data breach incidents caused by ex-employees.

How to prevent ex-employees from compromising your business | CA

Monitor account behaviour post-resignation

It is vital to monitor an employee’s actions from the moment they decide to resign from their position. You must be on guard to detect any security incident involving copying confidential data or changing permissions immediately. Restrict all privileged access shortly after the employee’s declaration on leaving the company.

Regular IT auditing

An ex-employee with a malicious intent who have access to working login credentials can easily evade the security perimeter and risk business operations. Implementing an IT auditing solution can ensure better internal IT security that will protect against such malicious actions.

Remove employee access after termination

Research shows that in most cases, employees attack when they feel that their dismissal was unfair, or they are disgruntled in any way. To prevent this, remove all system access, however insignificant, immediately after they leave the company.

Data encryption a must

No one can predict when a loyal employee will turn malicious and attempt to steal confidential business information. This makes your business always at risks for attacks. Any attempt to steal data from a server can be thwarted by data encryption.

Use temporary accounts for limited tenure employees

Restrict access to third-party employees like interns or contractors who work for a limited tenure. Set up temporary accounts with minimal privileges. You should also ensure these accounts are inaccessible as soon as the person leaves the company.

Remove inactive user accounts

Employees are aware of security vulnerabilities existing in your network system. As ex-employees they use inactive or less-used user accounts to evade security measures and access company networks. It’s essential to identify and delete accounts which are in active for more than 90 days.

Establish a security incident response team

Establish a security incident response team who can quickly recognize, report and respond to a security incident. You may benefit from using professional services like Computing Australia, as this needs a high level of skill.

Implement an automated information system

Sometimes the IT teams will be unaware of an employee’s termination because of inter-departmental communication failure. This can be prevented by establishing an automated information system to deactivate inactive accounts and change passwords once the employee leaves the company.

Implementing these measures can help you prevent ex-employees from compromising your business network. Automating the IT and HR departments, identifying disgruntled employees can help you reinforce your defences against budding insider attacks and protect your sensitive data.

Jargon Buster

Encryption – A process that converts a message or file from its original representation to an alternative form so that it can be only be read by certain people.
IT auditing – examination and evaluation of a company’s IT infrastructure, policies and operations to determine whether IT controls protect corporate assets, ensure data integrity etc.

Gordon Murdoch | Blog author | Computing Australia

Gordon Murdoch

Gordon is the Service Delivery Manager at The Computing Australia Group, he is responsible for the delivery of all Computing Australia technical support services. It is a busy portfolio to manage as we have a lot of techs and our clients generate thousands of new tickets every day. If you are looking for a tech company that is passionate about service delivery, give Computing Australia a go. Many of our clients have been with us for all of our last 20 years of operation which is something we are all proud of here.

Gordon Murdoch | Blog author | Computing Australia

Gordon Murdoch

Gordon is the Service Delivery Manager at The Computing Australia Group, he is responsible for the delivery of all Computing Australia technical support services. It is a busy portfolio to manage as we have a lot of techs and our clients generate thousands of new tickets every day. If you are looking for a tech company that is passionate about service delivery, give Computing Australia a go. Many of our clients have been with us for all of our last 20 years of operation which is something we are all proud of here.

Call Me Back!

We know you are busy - no need to wait in a queue - fill out this form and we will call you back within 15 minutes.

Icon