How To Prevent Ex-employees From Compromising Your Business

In a previous post, we have spoken about how employee mobiles can pose a security risk. But what about ex-employees? They are one of the biggest threats to small and medium-sized businesses. Ex-employees can cause threats to your business unknowingly or with malicious intent. It is important to understand how to prevent ex-employees from compromising your business to keep your business secure.

Ex-employees – the underlying insider threat

More often than not, employees don’t leave the organisation on amicable terms exactly. Ex-employees are more prone to have reason to abuse their access to the company network for malicious conduct. Most businesses fail to competently protect their networks from threats from ex-employees, who may be able to access the corporate network even after leaving the company. This makes the former employees one of the greatest insider threat, yet the easiest to handle. You only need to ensure that deactivating accounts and changing passwords are a mandatory part of the termination process.

Employees may also innocently cause data leakage, especially if they are using non-enterprise solutions like Dropbox to share or store data. Manual termination of accounts will not provide a fool-proof solution. The account termination and data monitoring should be an automated process to ensure that ex-employees do not compromise your business unknowingly or otherwise.

How to prevent ex-employees from threatening your business IT security

Here are some measures to protect your company networks from being compromised because of data breach incidents caused by ex-employees.

Monitor account behaviour post-resignation

It is vital to monitor an employee’s actions from the moment they decide to resign from their position. You must be on guard to detect any security incident involving copying confidential data or changing permissions immediately. Restrict all privileged access shortly after the employee’s declaration on leaving the company.

Regular IT auditing

An ex-employee with a malicious intent who have access to working login credentials can easily evade the security perimeter and risk business operations. Implementing an IT auditing solution can ensure better internal IT security that will protect against such malicious actions.

Remove employee access after termination

Research shows that in most cases, employees attack when they feel that their dismissal was unfair, or they are disgruntled in any way. To prevent this, remove all system access, however insignificant, immediately after they leave the company.

Data encryption a must

No one can predict when a loyal employee will turn malicious and attempt to steal confidential business information. This makes your business always at risks for attacks. Any attempt to steal data from a server can be thwarted by data encryption.

Use temporary accounts for limited tenure employees

Restrict access to third-party employees like interns or contractors who work for a limited tenure. Set up temporary accounts with minimal privileges. You should also ensure these accounts are inaccessible as soon as the person leaves the company.

Remove inactive user accounts

Employees are aware of security vulnerabilities existing in your network system. As ex-employees they use inactive or less-used user accounts to evade security measures and access company networks. It’s essential to identify and delete accounts which are in active for more than 90 days.

Establish a security incident response team

Establish a security incident response team who can quickly recognize, report and respond to a security incident. You may benefit from using professional services like Computing Australia, as this needs a high level of skill.

Implement an automated information system

Sometimes the IT teams will be unaware of an employee’s termination because of inter-departmental communication failure. This can be prevented by establishing an automated information system to deactivate inactive accounts and change passwords once the employee leaves the company.

Implementing these measures can help you prevent ex-employees from compromising your business network. Automating the IT and HR departments, identifying disgruntled employees can help you reinforce your defences against budding insider attacks and protect your sensitive data.

Computing Australia has been helping various clients secure their systems from cyber threats for more than 20 years. If you are looking for a sturdy cybersecurity solution to secure your business, contact us or email at cybersecurity@computingaustralia.group. Our cybersecurity experts are 24/7 available to assist you with your cybersecurity queries.

Computing Australia is a member of The Computing Australia Group of Companies

Jargon Buster

Encryption – A process that converts a message or file from its original representation to an alternative form so that it can be only be read by certain people.
IT auditing – examination and evaluation of a company’s IT infrastructure, policies and operations to determine whether IT controls protect corporate assets, ensure data integrity etc.