The danger of the disgruntled employee to business security
Picture credit: iStockPhoto
Business leaders have enough to worry about when it comes to their companies’ security. Stories of major security breaches seem to fill the headlines every week as large companies struggle to keep up with the constant evolution of outside security threats. As troubling as these stories are, business leaders may have yet another threat to worry about, only this one originates from within.
According to a recent public service announcement from the Department of Homeland Security, former employees may be a significant threat to business security. Considering the damages from an internal cyber attack from an ex-employee can cost anywhere from $5,000 to as much as $3 million, the dangers of the disgruntled employee are severe enough that business leaders have no choice but to take the threats seriously.
The cloud and BYOD has opened new avenues for angry ex-employees to attack former employers
It’s surprisingly easy for ex-employees to attack a business after they’ve been let go. In fact, a shocking number of employees can still access vital company applications like Facebook and Salesforce after leaving; a study from Intermedia puts the number at nearly 90%. The same study also shows about half of ex-employees actually logged in to former business accounts after parting ways, and 68% managed to store work files on their personal cloud storage accounts.
From there, it’s relatively simple for fired workers with an axe to grind to attack their former employers. They can use their old company passwords to infiltrate corporate apps and do some serious damage. For example, an ex-worker with password access may use the company PayPal account to purchase personal items.
Some may choose to destroy valuable data that could severely affect company operations. Others may use the tactic of using remote desktop protocol software that was installed before termination to access and control computers from a different endpoint device.
There are many other ways disgruntled employees can target companies they used to work for. By having access to sensitive information, ex-employees can blackmail their former bosses, extorting them for money by threatening to leak private data. They may also blackmail businesses by cutting off access to corporate websites and applications until their demands are met.
Even if employees don't directly damage a company, they may steal sensitive data and take it to their next job
This strategy effectively grinds company operations to a halt, putting whole businesses at the mercy of the vengeful former employee. Even if a fired worker doesn’t try to directly damage a company, they may steal sensitive data and take it to their next job, giving business rivals a noticeable edge over the competition.
The growth of new technology has made sabotage by ex-employees a lot easier than before. Many companies are using the cloud and various cloud applications, but the downside is that these applications can be accessed by people outside the company as long as they have the login information and password.
Businesses are also adopting bring your own device (BYOD) policies, which allow employees to use personal devices for work. As can be seen, however, personal devices are retained by the employee after dismissal, which means he or she may still access any information relating to the company that’s saved on the mobile device. In short, the cloud and BYOD has opened new avenues for angry ex-employees to attack former employers.
As businesses start to understand the inherent dangers posed by disgruntled workers, they need to put into practice methods which can prevent attacks. First, when an employee is let go, their business accounts should automatically be terminated. And BYOD devices should be wiped of company data. All password access should be changed, particularly when someone from the IT department is fired.
Nearly 90% of employees can still access vital company applications like Facebook and Salesforce after leaving
Companies should also make sure to not share identical passwords and usernames for multiple networks and platforms. All businesses also need to review on a regular basis which employees have access to which systems and keep that list updated whenever a change happens. Some of these ideas may sound like common sense, but some companies delay action, which in turn makes them more vulnerable.
Another way to avoid angry ex-employees is to simply try to keep them satisfied with their job, either through higher pay or other perks. If an employee has no real reason to become angry with the company, then they likely won’t pose a risk in the future.
Disgruntled former workers represent a new worry for business leaders, but they’re one that can be managed with the right preparation. As long as companies are actively working to protect their systems and recognise the threats, the risks from an angry ex-employee can be kept to a minimum. With this in mind, business leaders can renew their focus on securing their systems from outside threats once more.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » The 10 ways asset intelligence improves cybersecurity resiliency and persistence
- » How to deal with technical debt to fully go through the gears of digital transformation
- » Actions speak louder than words: Moving from digital transformation to ‘data transformation’
- » 10 ways to own your cybersecurity in 2020: Passwords, practice and prevention
- » The quest for the perfect PC: Travelling through the cloud, via VDI and desktop centralisation