Disgruntled Employee Suddenly Quits South Florida Business
How to Protect Your Company from Insider Threats
Data breaches caused by insiders are on the rise—both in terms of frequency and cost to the business – accounting for 60% of data breaches. According to a recent Wall Street Journal Pro Research Survey of cybersecurity executives at nearly 400 companies, 67% said they were concerned about malicious employees. Disgruntled employees can be a significant risk to any organization because they possess two components needed to cause damage: access and motivation.
They know all the ins and outs of a company’s infrastructure, the weaknesses in an organization’s cybersecurity, and the location and nature of sensitive data they can abuse. A disgruntled employee who maintains access to company systems can sell confidential and proprietary information, financial information, and high-level administrative privileges to corporate applications. Insider attacks from disgruntled employees often lead to financial and reputational losses and may even ruin a business.
How to Identify a Disgruntled Employee
Disgruntled employees will often display the following behaviors:
- Frequent absences from work: It’s counterintuitive, but one of the first indications that an employee is likely to quit is an increasing tendency to miss work. Frequent absences like unplanned vacations, frequent requests for medical leave, or unexplained disappearances from a desk can indicate that the employee is distracted, disgruntled, or actively interviewing for another job.
- Changes in employee temperament: Strong emotions are often an indicator that an employee is under stress. A usually even-tempered employee who starts exhibiting changes in temperament, such as yelling, or becoming violent, might be a walking threat. Similarly, a normally outgoing employee who isolates himself may be plotting an exploit.
- Changes in computer behavior such as downloading a questionable file size, sending PDFs through encrypted messaging platforms, or sending unusually large emails to personal accounts, often indicate data theft and corporate espionage.
- Anger at feedback: Employees who receive feedback or criticism poorly may become disgruntled and vengeful. If you notice an employee exhibiting angry behavior after being disciplined, keep them on your radar.
- Financial problems: Employees who indicate that they are in dire financial straits could have a greater temptation to steal company assets or expose your organization’s proprietary information for personal gain.
- Antagonism: Be watchful of employees who are consistently negative about company policies and try to rally others to their cause.
- Frequent efforts to access unauthorized systems: While the security department would typically flag an increase in failed password attempts by an external user, such behavior from an internal user might not even be noticed. Yet, such trends could indicate potentially dangerous insider activity.
How to Prevent a Disgruntled Employee from Sabotaging Your IT Systems
Here are some strategies you can employ to prevent, detect, and stop security incidents caused by disgruntled employees:
- Change passwords and disable accounts: Revoke system access immediately as soon as the employee leaves the company. This puts an immediate end to their access to any sensitive information. Remove the employee from all access to system and cloud accounts, including Active Directory, Office 365, remote/VPN access, and company-owned social media accounts, cloud accounts, and application accounts. You can also view users’ permission on the shared files and folders and revoke them. You should also delete the employee’s voicemail account or change the voicemail password.
- Revoke access to email: You should immediately revoke access to all email addresses associated with that employee. They have left the company and should no longer have the ability to speak for it. Forward the email to someone else, such as the departed employee’s manager or replacement, to ensure that no important email goes unread in an inactive inbox. For client communication, in particular, make sure that you specify who their new contact will be.
- Monitor account information after the employee quits: Maintain visibility of company accounts so that any post-employment access issues are immediately apparent. A governance-driven identity and access management system will provide ongoing visibility into orphaned accounts, inappropriate access, and policy violations.
- Centralized logging and reporting: Another way to protect your organization from disgruntled employees is through centralized logging and reporting of employee activity so that administrators know which files are being accessed, who is accessing them, when they were accessed, the devices on which they were stored, etc. Centralized logging and reporting not only allows investigators to conduct forensic analysis to track where files were copied and by whom, but employee knowledge of these capabilities might inhibit inappropriate behavior by departing employees.
- Retrieve company assets: Obtain custody of the employee’s company-supplied computers and mobile devices, as well as all external hard drives, thumb drives, and backup discs, and require the departing employee to sign a document indicating they have returned all corporate data assets. You should also take an inventory of all of the files or projects on which the employee was working and ensure that all such materials have been returned. This is particularly important for employees who work remotely.
- Wipe company information: Most organizations implement Bring Your Own Device (BYOD) policies allowing employees to use personal devices for work. It’s possible to remotely wipe all company information from your former employee’s personal devices used for work.
- Create a response plan: Having an emergency response plan and procedures in place will establish a clear guide on what to do in the event of an incident. Most employers are not adequately prepared to deal with the aftermath of employee data theft, and many do not take the steps necessary to mitigate these risks before they occur.
- Backup your data: The best way to protect your data from disgruntled employees is to ensure that all corporate data is backed up, preferably to a central or easily accessible location. By implementing a comprehensive backup and recovery solution, you protect your business against external and internal threats. If an ex-employee happens to delete sensitive information, you can easily and quickly restore data and avoid the high costs of downtime and data loss.
- Control what employees have access to in the first place: Employees don’t need access to all company systems. For example, only rarely would engineering employees need to access data in CRM systems, nor would salespeople need to access HR data. If a disgruntled employee only has access to a limited set of resources while they’re on the job, that limits exposure after they’re gone to just those resources—and not to other applications and data.
ECW Can Protect You Against Disgruntled Employees
Security threats caused by disgruntled employees can happen to any company, and the consequences of insider-related breaches are often devastating. However, in most cases, it’s possible to detect and stop insider attacks with the help of a dedicated cybersecurity team. ECW Network & IT Solutions can help secure your network from departing employees.
We can help put proper safeguards in place, such as restricting data downloads, blocking file transfers, deactivating storage devices and accounts, remotely wiping company data from personal devices, and developing a data recovery solution and emergency response plan customized to your unique requirements. Contact us today to schedule a consultation and let us improve your company’s cybersecurity posture.
ECW Computers is an information technology company. Headquartered in Deerfield Beach, FL, we specialize in providing unique, specially-tailored Managed IT solutions to businesses in Fort Lauderdale, West Palm Beach, Miami and across South Florida.