Disgruntled Employee Leaving? Do This Now!
Employees leave for a variety of reasons; but regardless of the reason employees leave, the employees have spent a significant amount of time in your organization’s environment where they have had years or months worth of access to your organization’s IT systems. Security should always be the main priority for every organization. 2021 has produced numerous high-profile media reports detailing ransomware attacks and security breaches, in addition to the crippling effect these attacks had on the targeted organizations.
One of the things that many are not aware of is the fact that a majority of data breaches take place from within an organization, either by disgruntled employees or an inexperienced or unsuspecting employee who has fallen for a phishing scam. If current employees present the greatest exposure to cyber threats, consider the risk that an employee who is leaving could present. Can you imagine the damage that an employee – a potentially disgruntled and angry one – who is preparing to leave the company could do? While the employee may have remained loyal to the organization while still being employed, the loyalty can quickly fade once the employee officially becomes a former employee.
Security risks are ever-increasing, and this makes it even more important for organizations to make sure they cover their IT infrastructure against the dangers that could be lurking after an employee leaves.
Offboarding Checklist for Departing Employees
As employees prepare to leave, there are some things that you should include in your onboarding and departure strategies moving forward:
- If the departing employee was given Administrator privileges to your organization’s IT systems, inspect the system for any alternative accounts or other privileges that the employee may have created to gain unauthorized access. There are numerous systems and devices that are hidden from plain sight, and these devices will require login access. It is crucial that the employee who is leaving no longer has access to the devices and systems.
- Disable and retrieve any physical assets the ex-employee was given access to.
- Inform your vendors and partners that the employee is departing so your organization can avoid any unauthorized usage moving forward.
- Perform an inspection of the employee’s work devices to determine if the devices have malware or other security dangers. Malware and spyware systems can be installed with ease, and many organizations fail to notice them. These types of software can send sensitive and confidential data to hackers.
- If there were shared passwords within your organization, change the passwords immediately and shut down access to other services.
- When an employee is terminated or is on the last day on the job, you should disable their access to the company email address.
- Terminate remote desktop access.
When you bring in employees, you should make a list of everything the employee has access to within the organization, especially the IT assets such as desktop computers, laptops, mobile devices, key cards, etc. Ensure the list is current so when an employee does leave, you will know what assets need to be immediately disabled once the employee departs.
Prevent Access After Employee Termination
It is certainly not uncommon for ex-employees to attack their former organization. Most of the attacks occur because ex-employees feel that they were unfairly dismissed or they were disgruntled for other reasons. When you consider this, system access should be revoked immediately. Permission changes can also be monitored across all components. It is a wise decision to implement best practices that will outline the most efficient and effective ways to review the access rights of your employees.
When reviewing the access rights of your employees, you should wipe any credentials and accounts that will no longer be active. We understand that you may have some employees who will object to regularly changing their passwords, but doing so can decrease the risk of former employees gaining access to data or content that is no longer authorized to use. If current employees do not change their passwords regularly, it could be easy for an ex-employee to gain access to accounts by entering the password of a former co-worker. Organizations should also analyze and monitor the data the employee had access to before leaving.
Do Now Allow Ex-Employees to Damage Your Organization
It is important to keep a watchful eye over the actions of an employee as soon as it has been determined that the employee will depart. Security incidents involving data files or permission changes should be addressed immediately. Eliminate any privileged access as soon as you have been notified that the employee is leaving. You would like to believe that when that disgruntled employee leaves the organization, that employee will be gone for good. However, this is not always the case. A disgruntled ex-employee who still has access to credentials that have not been changed can easily bypass the organization’s security perimeter and jeopardize the entire operations of the organization.
Network hardware failures. Internet outages. External threats. Ransomware attacks. These are the types of security issues you spend your time and resources preparing for. However, employee offboarding can present more security issues than many organizations realize. It does not matter if an employee wants to leave the workplace to pursue other opportunities or if the employee has been terminated, your organization’s network and data should be safe and secure. Many employees have left organizations while still having access to their credentials and other privileges, and they could choose to wreak havoc on the organization.
Detect Security Issues With a Security Incident Response Team
Disgruntled employees will want to do more than leave the organization, they will want to disrupt as much of the business operations as possible, by deleting data and looking for more ways to damage the organization for personal gain. One of the best things your organization can do is establish a security incident response team that will help your organization prevent, detect and handle any security incident as soon as it happens.
Departing employee IT security should begin before an employee is getting ready to leave; it should also begin well before an employee is onboarded. It only takes one disgruntled employee to take down an organization. CTI Technology helps you protect your business. Discover more at https://www.ctinc.com.