How Vengeful Employees Can Be the Bane of Your Business

With computer viruses and data hacks flooding the headlines, it isn’t surprising that a majority of businesses are installing the latest security systems required to defend against modern attacks. Although many are focused on fending off malicious hackers, there’s another, more dangerous threat to your organisation — the vengeful ex-employee.

According to an FBI public service announcement, cyber incidents caused by disgruntled employees can cost businesses anywhere from $5,000 to $3 million (USD). These incidents can range from data leaks to full-blown malware attacks that can ruin everything you’ve worked for.

To make sure your business doesn’t fall victim to revenge-seeking employees, here’s what you need to know.

Plenty of ways to destroy your company

It’s shockingly easy for old staff members to infiltrate a business after they’ve been fired. In fact, a large majority of businesses forget to terminate user accounts from Salesforce, Office 365, SharePoint, and Facebook, allowing ex-employees to retain login credentials. If any of them holds a grudge against their former employer, their password is all they need to bypass all your expensive security protocols.

For example, a former purchasing manager with password access may tap into the business’s bank account to purchase personal items. Others could threaten to destroy sensitive information that could severely impact business operations. Former IT administrators, with full knowledge of the company’s security weaknesses, could even hack into business networks and threaten to shut down the entire system.

Even if a fired worker doesn’t directly attack a business, he or she could still leak vital information. In 2015, for instance, an ex-manager of Australian steel corporation BlueScope allegedly stole 40GB of sensitive documents before she was laid off and used the files for her next job.

The growing threat

Because of the growth of new technologies, revenge attacks are more frequent than ever before. Cloud adoption may have significant cost-reduction benefits for businesses, but the problem is that these web applications can be accessed by anyone outside the company as long as they have the password.

The rise of bring your own device (BYOD) policies, where employees are allowed to use their personal devices for work, also poses inherent risks. Since personal smartphones, laptops, and tablets stay with employees after they’ve been let go, they may still have company documents and applications saved on their mobile devices.

As such, companies must have a clear set of procedures for handling cloud accounts, mobile devices, applications, and data when workers have been made redundant. To prevent these incidents, consider the following tips:

  1. Keep track of digital assets – first, you must take a detailed inventory of all the accounts, data, security passes, and corporate devices each staff member uses. This will serve as a checklist to ensure that vital assets are returned to your company.
  2. Deactivate accounts – once you’ve compiled the inventory, deactivate stagnant user accounts immediately. Web applications like Dynamics CRM usually have System Administrator options that allow you to remove employees from your subscription. And if you’re using shared passwords for a company Facebook or Twitter account, remember to set a new password to prevent saboteurs from making rogue posts.
  3. Deprovision Office 365 – if your company uses Office 365, go to the Admin Centre and reset the ex-employee’s Active Directory password so they can no longer access their account. From there, add a manager as the co-owner of the account to retrieve and store any important resources. Then, simply delete the account and withdraw the Office 365 license.
  4. Remove sensitive data from personal devices – organisations that operate with BYOD policies should also have procedures in place to wipe company data off mobile devices. Mobile Device Management (MDM) solutions have selective wipe features, which help in deleting sensitive company data while keeping personal information intact.
  5. Monitor system activity – remote, 24/7 surveillance of your servers, devices, and networks will help you act on unauthorised access or malware incidents early.
  6. Create a response plan – talk to a managed services provider and have them set up cloud backups to recover compromised data and software.
  7. Deter bad behaviour – another way to avoid the wrath of a former employee is to set up disciplinary policies and penalties in non-disclosure agreements to discourage those who would compromise the security of your organisation.

Once you’ve addressed these steps, make sure current and future staff understand these procedures so they know what to expect if they ever leave the company.
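
As an added illustration (not part of the original article), the sketch below shows how the inventory from tip 1 can be checked against a list of departed staff to surface the gaps that tips 2, 4 and 5 are meant to close: accounts left enabled, logins after the exit date, shared passwords not rotated since the departure, and personal devices still awaiting a selective wipe. All usernames, dates and records are constructed sample data, and the record layouts are assumptions rather than the export format of any particular product.

```python
from datetime import date

# Constructed sample data: HR leavers (user -> exit date) and the tip 1 inventory.
LEAVERS = {"jsmith": date(2024, 3, 1), "mlee": date(2024, 3, 15)}
ACCOUNTS = [  # (user, service, enabled, last_login)
    ("jsmith", "Office 365", False, date(2024, 2, 28)),
    ("jsmith", "Salesforce", True, date(2024, 3, 9)),
    ("mlee", "SharePoint", True, date(2024, 3, 14)),
    ("akhan", "Salesforce", True, date(2024, 3, 20)),
]
SHARED_SECRETS = [  # (name, users who know it, date last rotated)
    ("Facebook page", {"jsmith", "akhan"}, date(2024, 1, 10)),
    ("Twitter account", {"mlee"}, date(2024, 3, 16)),
]
BYOD_DEVICES = [  # (user, device, company data wiped?)
    ("jsmith", "personal phone", True),
    ("mlee", "personal tablet", False),
]

def offboarding_findings(leavers, accounts, secrets, devices):
    """Return sorted (user, issue, asset) tuples for every open offboarding gap."""
    findings = set()
    for user, service, enabled, last_login in accounts:
        left = leavers.get(user)
        if left is None:
            continue  # still employed, nothing to check
        if enabled:
            findings.add((user, "ACCOUNT_STILL_ACTIVE", service))
        if last_login is not None and last_login > left:
            findings.add((user, "LOGIN_AFTER_EXIT", service))
    for name, known_by, rotated in secrets:
        for user in known_by.intersection(leavers):
            if rotated <= leavers[user]:  # not changed since the person left
                findings.add((user, "ROTATE_SHARED_PASSWORD", name))
    for user, device, wiped in devices:
        if user in leavers and not wiped:
            findings.add((user, "SELECTIVE_WIPE_PENDING", device))
    return sorted(findings)

if __name__ == "__main__":
    report = offboarding_findings(LEAVERS, ACCOUNTS, SHARED_SECRETS, BYOD_DEVICES)
    for user, issue, asset in report:
        print(f"{user:8} {issue:24} {asset}")
```

A login recorded after the exit date is the finding to escalate first, since it means the retained credentials were actually used rather than merely left available.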

Are you ready?

Fired workers pose a serious risk for organisations, but they can be managed with the right preparation. As long as your company is proactive with account management, data deletion, and 24/7 system monitoring, you can reduce the chances of an attack. And if you don’t have the security expertise, a trusted managed services provider can provide the tools, manpower, and advice to help you fend off a backstabbing employee.

At Empower IT, we do all we can to ensure your company is not blindsided by vengeful workers. We implement MDM solutions, manage your business accounts, and use remote monitoring tools to keep your company safe. Call us today for all your cybersecurity needs.