The Dangers of the Rogue Employee & Weak Network Security Policies
Usually, the big data breaches involve experienced hackers in foreign countries, but your company’s biggest threat to its network security policies may be the guy who sat next to you. The guy who just had his personal belongings packed. The guy who just left the office kicking and screaming before peeling out of the parking lot.
Your ex-coworker. You know him as Bob. Your company may soon know him as its biggest nightmare: the rogue employee.
Intermedia just released a great infographic and study featuring some shocking statistics about employee data theft and what companies can do to protect against a rogue employee like Bob.
The report draws on Bureau of Labor Statistics data on labor turnover in the professional and business services industry, and looks at how much information the some 923,000 people who left their jobs in November 2014 took with them.
It’s a huge wake-up call for businesses, and a call to enhance their network security policies, especially if Bob left on less-than-agreeable terms.
Let’s look at the statistics Intermedia put together, and talk about how your business can tighten its network security policies to reverse these statistics and be in a better position to avoid an inside attack from a rogue employee.
Shocking Statistics about the Rogue Employee & Employee Data Theft
According to the study, 89% of ex-employees are walking away with at least one password they used every day on the job. Passwords they have memorized. These passwords were to a variety of sensitive platforms that could be used in a detrimental way. Passwords to Salesforce, PayPal, email, SharePoint, the company Facebook page and more were among those mentioned in the study.
Think of all the ways an ex-employee can use these passwords to a company’s disadvantage. An ex-employee could withdraw funds from your company PayPal account. They could delete vital documents stored on SharePoint. They could post a less-than-flattering photo of their former boss on the company Facebook page. There are plenty of things a former employee could do with a password. A rogue employee could leak passwords to Russian hackers, for all we know.
When an employee leaves, change your passwords. All of them. Don’t just change it from P@ssword1 to P@ssword2. Use a secure password. Something they wouldn’t be able to guess after some deep, or not-so-deep, thinking.
Ex-employees do use this information to a staggering degree. The report states that 49% of ex-employees logged into an account after leaving the company, while 45% of employees retained access to “confidential” data. That alone constitutes employee data theft.
Along with confidential data, 88% of employees retain access to file sharing services they used at their old job, including Dropbox, Google Drive, SharePoint, Box and more. 60% of employees who had a personal cloud login were not asked for their password when they left their companies, either.
Rogue employee access, simply stated, creates several problems.
- An ex-employee can purge their personal cloud storage, which results in companies losing copies of their work.
- Rogue access can be considered a security breach.
- Stolen secrets could be used to the advantage of competitors.
- An ex-employee accessing accounts constitutes a regulatory compliance failure, and your company could face fines and more if ex-employees can still access and edit data.
While these statistics are shocking, there are several things your company can do to prevent ex-employees like Bob from going rogue.
Take Access Control and Off-Boarding Seriously
Every time an employee leaves, revoke their access. Build processes around user lifecycle management. Change passwords. Conduct a formal exit interview, and take action on the answers you receive from employees. Remember, your network security policies should reflect more than digital access as well. Take their keys. De-activate and collect their access badge. De-activate their door password. Do anything and everything you can do to keep that employee from accessing your information, and repeat every time there is a change in your organizational structure.
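As an added example (not from Intermedia's study or from ThrottleNet), this Python audit checks the off-boarding steps above: it flags accounts left active for departed users, logins dated after the departure, and shared passwords not changed since the person left. The CSV layouts, user names, services and dates are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the study): HR departures, plus an
# export of per-user accounts and of shared credentials per service.
DEPARTURES = {"bob": date(2014, 11, 14)}  # user -> last working day

ACCOUNTS_CSV = """service,user,status,last_login
sso,bob,disabled,2014-11-13
sharepoint,bob,active,2014-11-20
dropbox,bob,active,2014-11-10
sso,alice,active,2014-11-21
"""

# Shared logins: who knew the password, and when it was last changed.
SHARED_CSV = """service,known_by,password_changed
paypal,bob;alice,2014-06-01
facebook,alice,2014-03-15
salesforce,bob,2014-11-15
"""

def audit_offboarding(departures, accounts_csv, shared_csv):
    """Return sorted (user, service, finding) tuples for departed users."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        left = departures.get(row["user"])
        if left is None:
            continue  # still employed
        if row["status"] == "active":
            findings.append((row["user"], row["service"], "account still active"))
        if date.fromisoformat(row["last_login"]) > left:
            findings.append((row["user"], row["service"], "login after departure"))
    for row in csv.DictReader(io.StringIO(shared_csv)):
        changed = date.fromisoformat(row["password_changed"])
        for user in row["known_by"].split(";"):
            left = departures.get(user)
            # A shared password unchanged since the departure is still known.
            if left is not None and changed <= left:
                findings.append((user, row["service"], "shared password not rotated"))
    return sorted(findings)

if __name__ == "__main__":
    for user, service, finding in audit_offboarding(DEPARTURES, ACCOUNTS_CSV, SHARED_CSV):
        print(f"{user:8} {service:12} {finding}")
```

Run after every departure or role change, the same comparison works against real exports from an identity provider and a password manager once their column names are mapped.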
If You Are Using a Cloud Solution, Don’t Use Personal Services
Sure, Dropbox and Google Docs are easy to use and don’t require employees to access a VPN when they’re away from the office, but they can be accessed through personal passwords.
Use a more secure cloud-based solution, like those offered by ThrottleNet, which give you full administrative control.
It’s easier to recover missing critical files if they are stored on a corporate cloud rather than on a personal Dropbox.
Use a Single Sign-On (SSO) Portal to Manage/Control Access
SSO reduces the potential for rogue access, and users can be de-provisioned with a single click. This gives employees access to all their apps with just a single password and makes cloud IT much, much simpler.
This also helps employees, so they don’t have to hunt down all of the different passwords they use over the course of the day.
Need Help Securing Your Network? Partner with ThrottleNet
ThrottleNet offers Managed Cloud Services and Managed Network Services that put you in control. We provide your company with a Virtual CIO who will help you build a strategic plan for network management, as well as 24×7 monitoring services and Anti-Virus and Spyware solutions for all connected networks at a low monthly fee. We will ensure your access control protocols adhere to best practices, and ensure rogue employees stay away from your vital networks from day one of their departure.
We’re sorry to ruin your fun, Bob.