According to digital security consultants @stake, businesses are failing to take adequate security precautions to keep disgruntled ex-employees from using company IT equipment and inside knowledge to commit digital sabotage. With a greater percentage of business being conducted over the Internet, more workers handling affairs from remote offices, and an increasing amount of important company information stored on company servers, organizations are increasingly vulnerable to this misuse of their digital information or resources.
@stake stresses that the risk of exposing commercially sensitive information such as pay structures, business plans, and valuable product information, or of allowing access to IT resources at the company’s expense, can be greatly reduced by having a policy in place that can be implemented as soon as an employee leaves a company.
Some of @stake’s guidelines for limiting the threat from former employees include:
- Patrol your perimeter—Companies should regularly make security checks on their network perimeter, building a log of all the connections.
- Roll-call of company equipment—Laptops owned by the company give employees an excellent tool to start their attack. Companies should regularly take stock of all IT equipment and record which staff member has borrowed each item.
- Check for unofficial accounts—Employees may have set up their own accounts, other than those allocated by the company, which may go unnoticed when the employee leaves.
- Terminate user accounts—Companies should have a routine of simply turning off access to a user’s account once they are no longer employed.
- Disable passwords—Companies should have a policy of expiring the passwords of employees immediately after departure.
- Careless talk costs—There should be a realistic policy in place to ensure employees do not pass on updated passwords to ex-colleagues or allow them to share a multi-user account.
- Work together—The IT manager should work with other relevant departments, such as Human Resources, to ensure the smooth implementation of a planned IT security procedure.
Based on a report from @stake