How to Secure Your Company Data When an Employee Resigns
In the modern world of near-constant high-profile cyberattacks, most companies worry about external hackers breaking into their systems and stealing their data. While external attackers certainly present a threat, an even bigger one is lurking right under your nose: your own employees. According to a recent Ponemon Report on the Cost of Insider Threats, the frequency and cost of insider threats, which include disgruntled employees, have increased dramatically over the past few years. Criminal and malicious insiders cost organizations an average of $756,760 per incident in investigation, response and remediation costs.
How Do Former Employees Become Security Threats?
When employees leave a company, whether voluntarily or involuntarily, it is quite common for them to take sensitive and confidential company data such as intellectual property or trade secrets with them. Former employees may hang onto login credentials for wireless networks, company and customer information databases, customer relationship management (CRM) applications, social networks, and more. They may have copied sensitive information onto personal devices or personal cloud storage accounts.
Often, employees don’t have malicious intent when they take your data. They may forget that they’ve downloaded a sensitive file to their smartphone or think it’s okay to build a personal portfolio of materials they have created while working for your company. For example, the Federal Deposit Insurance Corp suffered an accidental data breach when a former employee unintentionally left the company with a storage device containing information and data relating to 44,000 customers.
However, if an employee suddenly resigns or leaves the organization on bad terms, there is a risk that they will try to harm the company by leaking confidential information. The theft of this information can damage your company in various ways, including regulatory violations, loss of competitive position, reputational damage, and revenue loss.
What to Do After an Employee Leaves
If your offboarding process doesn’t give you confidence that former staff no longer have access to your organization’s infrastructure, then chances are your environment is sprinkled with security gaps. That means former employees may still be able to delete files, misconfigure servers, alter data, or steal intellectual property. Here are some steps organizations should adopt to ensure that no data leaves with an employee who has resigned or was terminated.
- Disable the employee’s user accounts: Disable the account in Active Directory (AD) and remove the employee from all AD and Microsoft 365 groups and memberships. Make sure you also close the employee’s SaaS accounts.
- Change any shared passwords the employee knew and shut down their access to off-premise or third-party services like G-Suite, Dropbox, OneLogin, and 1Password.
- Disable access to the employee’s company email and instant messaging account: As soon as an employee is terminated or is signing off on their last day, you’ll want to disable their access to their company email address and forward the mail to someone else at the company. If your company uses instant messaging apps like Slack or Microsoft Teams, you’ll also want to disable the employee’s account there as soon as possible.
- Disable access to the employee’s phone and voicemail account: Change the employee’s voice mailbox password and make sure the employee can no longer use the phone system.
- Terminate VPN and remote desktop access: This might seem like a no-brainer, but it is easy to overlook, and an overlooked pathway is one the former employee might use to get back on the network. Revoke all forms of remote access, including access to email, VPN, remote desktop, and voicemail. Double-check that there are no backdoors into the network or any other remote access solution that may have been installed. This includes GoToMyPC, LogMeIn, and other similar software.
- Retrieve or disable all company-owned physical assets: Any device that is given to the employee when they start at your company, whether it’s a phone, laptop, or tablet, is owned by your business, meaning you have every right to retrieve the device when the employee leaves and wipe it clean.
- Wipe company apps and data from personal devices: If your company uses a BYOD policy, employee personal devices such as laptops and phones will have enterprise and client emails, strategic information, work documents, and other data. Once an employee resigns, quits, or is fired, be sure to wipe all company data from their personal devices.
- Change door codes or PINs to disable physical access to the company’s premises: If someone other than you, such as a security manager or operations manager, manages these, make sure that person acts promptly when the employee is terminated to prevent unauthorized access to the office.
- Perform a complete backup of the employee’s hard drive if the data isn’t already saved and archived in the cloud or as part of your company’s general backup routine. Restore the last two months of the employee’s user folders on the network (to another location for storage) or suspend the backup rotation. This lets you compare the folder contents at the time of departure with older versions to identify items that may have been deleted.
- Communicate the exit to the rest of the company as soon as possible: Notify employees about the individual’s departure and emphasize that the person should not be granted physical access to facilities or logical access to information systems. You should also notify key external contacts about the individual’s departure and ask that the departed employee not be granted any access. This includes contacting vendors, customers, contractors, phone vendors, disaster recovery sites, off-site storage contacts, network vendors, etc.
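The account-side items of the checklist above (disable the account, rotate the password, strip group memberships, quarantine the object, keep an audit trail) are the ones that most often get half-done by hand. The following PowerShell script is an added example, not Schilling IT’s tooling, showing one way to make those steps repeatable against on-premises Active Directory. It assumes the RSAT ActiveDirectory module, rights to modify the account, a quarantine OU whose path you supply (the `DC=example,DC=local` value is a placeholder), and, for the optional `-IncludeCloud` switch, an existing `Connect-MgGraph` session with the scopes `Revoke-MgUserSignInSession` requires. Every change honours `-WhatIf`, so run it that way first.

```powershell
#Requires -Modules ActiveDirectory
<#
  Offboard-Employee.ps1 (added example; not the post's or Schilling IT's code)
  Disables a departing employee's AD account, rotates its password, removes
  group memberships, moves the object to a quarantine OU and logs each step.
  Assumptions (not from the post): RSAT AD module installed, sufficient AD
  rights, $DisabledOU exists, and (with -IncludeCloud) Connect-MgGraph done.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string] $DisabledOU = 'OU=Disabled Users,DC=example,DC=local',   # placeholder OU path
    [string] $LogPath    = "$env:ProgramData\Offboarding\offboard.log",
    [switch] $IncludeCloud
)

function Write-OffboardLog {
    param([string] $Message)
    # Who did what, when: the log is the evidence that the checklist was completed.
    $line = '{0:u} {1} {2}' -f (Get-Date), $env:USERNAME, $Message
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    Add-Content -Path $LogPath -Value $line
    Write-Verbose $line
}

# 1. Resolve the account; a typo must stop the run, not silently do nothing.
$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf, Description -ErrorAction Stop

# 2. Disable first, so nothing below races an account that is still usable.
if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable-ADAccount')) {
    Disable-ADAccount -Identity $user
    Write-OffboardLog "Disabled $SamAccountName"
}

# 3. Rotate the password: a disabled account can be re-enabled by mistake,
#    and a password the former employee knows must not survive that.
$randomChars = (33..126) | Get-Random -Count 32 | ForEach-Object { [char]$_ }
$newPassword = ConvertTo-SecureString -String (-join $randomChars) -AsPlainText -Force
if ($PSCmdlet.ShouldProcess($SamAccountName, 'Set-ADAccountPassword -Reset')) {
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword
    Write-OffboardLog "Reset password for $SamAccountName"
}

# 4. Remove every group membership. The primary group (Domain Users by
#    default) cannot be removed, so it is filtered out. The list is logged so
#    the access the person had can be reviewed during any later investigation.
$groups = Get-ADPrincipalGroupMembership -Identity $user |
          Where-Object { $_.Name -ne 'Domain Users' }
foreach ($g in $groups) {
    if ($PSCmdlet.ShouldProcess($g.Name, "Remove $SamAccountName from group")) {
        Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
        Write-OffboardLog "Removed $SamAccountName from group $($g.Name)"
    }
}

# 5. Stamp the object and move it to the quarantine OU so that reporting and
#    Group Policy for departed accounts apply to it.
$stamp = 'Offboarded {0:yyyy-MM-dd} by {1}; former groups: {2}' -f (Get-Date), $env:USERNAME, ($groups.Name -join ',')
$stamp = $stamp.Substring(0, [Math]::Min($stamp.Length, 1024))   # AD description attribute limit
if ($PSCmdlet.ShouldProcess($SamAccountName, 'Set description and move to disabled OU')) {
    Set-ADUser -Identity $user -Description $stamp
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU
    Write-OffboardLog "Moved $SamAccountName to $DisabledOU"
}

# 6. Optional cloud step for accounts synced to Microsoft 365. The on-premises
#    disable reaches the cloud at the next directory sync; revoking sign-in
#    sessions is what invalidates refresh tokens already issued to the user.
if ($IncludeCloud -and $user.UserPrincipalName) {
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Revoke-MgUserSignInSession')) {
        Revoke-MgUserSignInSession -UserId $user.UserPrincipalName | Out-Null
        Write-OffboardLog "Revoked Microsoft 365 sign-in sessions for $($user.UserPrincipalName)"
    }
}
```

Run as `.\Offboard-Employee.ps1 -SamAccountName jdoe -WhatIf -Verbose` to see every action it would take, then without `-WhatIf` to apply. The script deliberately does not delete the account: the object, its SID and the logged group list remain available for the backup-and-compare step in the checklist, and for any investigation that follows.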
Policies to Prevent Cybersecurity Breaches When an Employee Resigns
To reduce the risk of employees taking information with them when they leave, employers should establish detailed and thorough policies and procedures focused on ensuring visibility into employee practices, limiting employee access to data, requiring encryption of sensitive data, managing devices properly, ensuring that data is backed up and archived properly, and ensuring that IT has access to all corporate data to which it should have access (some confidential data, such as HR data, should not be available to IT in all cases).
To support these policies and procedures, organizations should evaluate and deploy various technology solutions such as content archiving, file sharing and collaboration, encryption, mobile device management, employee activity monitoring, data loss prevention, logging and reporting, virtual desktops, and other solutions that will minimize the possibility of employees misappropriating corporate data upon their departure.
Protect Your Data With Schilling IT
With data breaches becoming increasingly prevalent in the workplace today, coupled with the occasional revenge-minded employee, organizations need to take extra precautions to safeguard the company whenever an employee leaves. As one of the top cybersecurity consulting firms in Indiana, Schilling IT helps organizations of all sizes ensure that they are properly protected from any potential breach when employees leave their employment. We provide comprehensive cybersecurity solutions to secure your organization from cybersecurity threats, external and internal. Contact us today to schedule a consultation with one of our cybersecurity experts and get a free quote.
Fill in our contact form and our team will reach out!