Understanding the Security Risks of Disgruntled Employees
Disgruntled employees typically pose serious security threats to the entire company. A recent report reveals insider threats from employees cause nearly 30% of all data breaches on purpose or accidentally. When employees feel they are unjustly overlooked for an opportunity or have been fired in unfair circumstances, they may revenge by deleting data or stealing software and intellectual property, which they will use to gain a competitive advantage with a new employer. Notably, the organization’s endpoints, databases, mobile devices, networks, cloud infrastructure, or applications are some assets that insiders leverage to launch attacks.
Five Examples of Internal Breaches
The following are just a few of hundreds of examples showing how real the threat of insider breach is:
- Employee error: In 2016, an attacker impersonating the Snapchat social media company CEO Evan Spiegel tricked an employee into emailing payroll information of some 700 current and former employees leading to one of the notable data breach incidents in the USA.
- Employee negligence: In a 2017 breach, a City of Calgary employee acted with the most apparent negligent when they emailed an employee of another Alberta municipality sharing Workers’ Compensation Board claim details, medical records, Social Insurance Numbers, addresses, dates of birth, and other sensitive details. This resulted in a massive breach affecting more than 3700 employees and a $92.9 million lawsuit.
- Employee negligence: The Equifax breach that exposed sensitive data of nearly 146 million Americans was caused by a single employee’s negligent actions. The employee ignored several calls and warnings to update security and implemented system updates and fixes to prevent breaches.
- Disgruntled employee: A computer programmer for North Carolina-based Lance, angered over a demotion, planted a logic bomb that took field sales reps’ computers offline for days.
- Disgruntled employee: A former network administrator for the city of San Francisco refused to give up the city’s system passwords to get back at his former supervisors
- Disgruntled employee: A network engineer working with EnerVest sabotaged its systems by returning them to original factory settings after learning he was about to be fired.
- No malicious intent: In March 2016, a Federal Deposit Insurance Corp. (FDIC) employee inadvertently and without malicious intent downloaded sensitive data relating to over 44,000 customers to a personal storage device and left the organization with it. Fortunately, the breach was discovered on time, and the former employee returned the storage device and sent an affidavit assuring the information was never used.
Tips to Protect Against Internal Breaches
Employee training
As shown from the above examples, it is not only the malicious actors who can put your organization at risk. Loyal employees can also unwittingly sabotage systems and create security threats through their ignorant actions. Although most organizations have employee training programs in place, the depth and knowledge covered by the training programs may not be sufficient to drive behavioral change in the face of increasingly complex cyber threats. Employees need to be provided with ongoing training on the several ways they could unwittingly put the organization at risk through their actions. Simple mistakes like clicking malicious links in emails and messaging apps can provide access to hackers to your company systems and networks. Experts have long identified trained employees as an organization’s first line of defense amid the rising cybercrime cases.
Establish security policy
Establish a robust security policy that encompasses guidelines for conducting insider investigations and procedures to detect and prevent misuse of access privileges. Specifically, utilizing the Principle of Least Privilege can be an effective technique to limit the ability and impact of an insider to commit an attack. Principle of Least Privilege ensures staff is provided with the least amount of access they require to accomplish specific tasks. This implies that the staff won’t have access to anything in the network that is not required to complete a given task.
Monitor behaviors of users
By monitoring users’ behaviors on your network, you can stop an impending attack early and minimize the damages. Leverage User and Entity Behavior Analytics Software (UEBA) to assess patterns of behaviors, detect anomalous actions and minimize the disruption to your business. For example, if in your monitoring you observe a staff member logging in at odd hours or downloading or uploading a large number of files, it could be a sign that an insider attack or breach is in the offing.
Don’t neglect physical security
The robust physical security that keeps people away from your crucial infrastructure is enough to prevent most insider breaches. Isolate high-value systems and restrict areas by applying tight access controls. Integrate two-factor authentication in your access systems to augment keywords. You can also consider biometric authentication, such as fingerprint scanners, to secure your IT infrastructure.
Retrieve work-issued devices
Additionally, ensure you retrieve all work-issued devices from employees who are planning to leave the company. A disgruntled employee who still has access to work-issued devices enjoys continued access to your network to pose serious security risks.
Leverage geofencing and time fencing techniques
Geofencing involves placing physical boundaries on users when using an organization’s devices and networks. Geofencing solutions come with alert systems that can be set up to send a notification whenever a device enters or leaves a specific geographical area. For example, an alert will be automatically sent to your IT security team when an iPad containing critical company information leaves your premises. The team can then lock the device and wipe all data. Time fencing also works similarly by preventing users from accessing certain data during some specific hours.
Change passwords and deactivate accounts
When it comes to a leaving employee, the first step is to change the passwords of all sensitive logins they had access to, including the company email accounts. You should also deactivate or blacklist their individual accounts to ensure your organization is well secured and protected from unknown connections. Other actions to take regarding a leaving employee include:
- Locking file hosting and deleting accounts for team collaboration tools such as Teams and SharePoint
- Revoke access codes to company buildings/ offices
- Disable multifactor authentication on your systems and networks to shut down access to vulnerable systems
- Change passwords to critical accounts that can’t be deleted or deactivated because other workers are still using them
Get Professional Help to Protect Your Company
The primary source of these threats is that most employees still have access to company systems and data even after leaving an organization. A recent study reveals nearly 90% of employees still have access to company applications, accounts, and systems such as their previous emails even after leaving employment. Employees who may have a vendetta against their former employers could use this access and information against the organization. If you need help to protect your organization against disgruntled employees, contact Veltec Networks. We provide unmatched cybersecurity services and IT managed services to organizations throughout the Bay Area. Contact us today to learn more.