Protecting Corporate Data from Angry Ex-Employees

By the DynaSis Team

Only a decade or so ago, the biggest concerns when companies fired or laid off workers was whether they might take office supplies or talk negatively about the firm after they left. In all but the most extreme situations, ex-workers rarely caused trouble, post-departure. With the growing value of digital information—and the havoc caused when criminals possess it—this is no longer the case.

As the media reported in 2015, the crippling Sony hack was the work of a former employee. Furthermore, “cybercrime for hire” sites that match individuals and companies with resources eager to assist with criminal activity, from hacking a Gmail account to taking over a corporate server, have popped up on the Internet.

In the case of former employees, an organization’s competitor might post an ad looking for corporate trade secrets—and a disgruntled ex-worker might have the skills to obtain (or already possess) them. Former and current employee cybercrime has become so prevalent that in late 2014, the Department of Homeland Security posted an alert warning companies to be vigilant.

Fortunately, organizations can take proactive steps to minimize their odds of being victimized by former employees. These rules apply to all departing employees, no matter the circumstances.

• On a company-wide basis, implement clear post-employment policies and procedures as part of the overall employment lifecycle. These should be communicated to personnel—and implemented to the appropriate degree—at the start of employment, along with other on-boarding information.
• Wipe corporate data and applications from all devices when an employee leaves. This should include both corporate-owned and employee-owned (BYOD) devices.
• Remove ex-workers’ network access to corporate data and applications immediately upon departure. The best option is to delete user accounts. A second, slightly less effective solution is to change user names and passwords.
• Rely on automated tools. Companies like DynaSis use powerful automated platforms that make it easy to secure and wipe corporate data, so the task won’t “slip through the cracks” if the assigned worker is busy.
• Conduct exit interviews that include discussing data issues. When personnel leave, they should be reminded that any use of corporate data could result in criminal prosecution. It is far more effective to restrain a horse from running than to close the barn door after it escapes.
• Don’t forget the cloud. Organizations should not only ensure no cloud resources remain accessible to former employees, they also should have policies in place, up front, that prohibit personnel from storing corporate data in private cloud repositories. (Blocking unsanctioned cloud storage sites at the network level is an even better solution, but that requires advanced skills and technologies that may require a managed IT services provider.)

Selection of an IT outsourcing company is a very important business decision. For almost a quarter century, Atlanta’s small to mid-sized businesses have relied on DynaSis’ for managed IT services, Internet security, and 24 x 7 x 365 helpdesk support. Today, with cybercrime becoming an ever-increasing threat, DynaSis has become an industry leader in network protection and ransomware prevention. Please take a tour through our website at www.DynaSis.com or speak with a technical expert at 678.218.1769.