To start off 2021, Jamie’s winter IT Security News quarterly update looks at ex-employees and the threat they pose to the organisation they leave behind. He reminds you why it’s vitally important for your business to put a process in place to ensure that one of the most overlooked cyberthreats is contained as quickly as possible.
Ex-Employees, are they really gone?
Ex-employees are probably the most overlooked cyberthreat to businesses, which makes them one of the most dangerous, especially in a GDPR-regulated world where organisations have legal obligations to safeguard their data and any personal information they hold. Whether through malicious intent or simple negligence, former staff can cause the kind of data breaches that ruin a company's reputation and cost a fortune in fines. It has been found that nearly a quarter (24%) of UK businesses have experienced data breaches by ex-employees (bci), and with at least 1 in 3 ex-employees left with access to network systems or data after leaving a company (IS Decisions), this is a worrying thought!
When somebody leaves your business whether it be amicably or not, how do you ensure that they no longer have access to your systems and your company’s data? Have you got a business process in place to ensure that the relevant people are made aware of your staff member’s departure, so that their accounts and access can be locked down?
How robust is your process?
Here at Net Technical Solutions, our clients are provided with a leaver's form, which needs to be filled out when a user leaves their organisation and then sent to our support personnel to be actioned.
It is essential, therefore, that the client has a process in place at their end to get that form completed and sent over to our support staff as soon as an employee departs the business. This needs to happen regardless of how well the leaving staff member and the business got on: it has nothing to do with trust and everything to do with IT security. If the form is not completed, the leaver's access to the IT network most likely remains in place. Even if that person never uses the account again, over time someone else might.
I am often left alarmed and concerned, when I undertake IT security reviews on our clients' servers, at how many active user accounts belong to people who are no longer with the company, sometimes staff who left many years ago. These forgotten accounts are a ticking time bomb: existing staff are unaware that they still exist, so nobody locks them down.
There are several issues with this.
(1) Accounts belonging to users who left years ago tend to have weaker passwords. Password security and awareness is still not where it needs to be for many employees, and the further back in time you go, the weaker the password usually is. The password was also never changed after the person left, and is often set to never expire, which makes it much easier for an attacker to compromise.
(2) If nobody is monitoring access to active accounts and one of these "active" accounts is involved in a data breach or a ransomware attack, awareness usually comes very much after the horse has bolted. On investigation, the account that should not have been active is found to be the culprit, and off the back of that there is downtime, cost and GDPR implications to consider.
(3) The staff member themselves. Perhaps they are disgruntled, or perhaps they are just after some information they left behind on one of your servers, such as a template, or the contact details of your own customers that might come in handy. You won't mind, right? That's why you left the account alive. So they try to log in, find they can still reach sensitive data, and continue to do so, siphoning information off for their own gain, or worse, until a member of staff reviews these "active" accounts and takes action.
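The check described above (enabled accounts that nobody has logged into for a long time, with passwords that were set years ago or never expire) can be scripted against on-premises Active Directory. The following PowerShell is an added example, not Net Technical Solutions' own audit tooling. It assumes the RSAT ActiveDirectory module, rights to read and disable user objects, a 90-day inactivity threshold, an exclusion list of known service accounts, and a holding OU named "OU=Disabled Users,DC=corp,DC=example"; all of these are assumptions and should be adjusted for the environment. By default it only reports; it disables nothing unless -Disable is passed.

```powershell
# Stale-account review for on-premises Active Directory.
# Added example, not the article's or NTS's own script. Assumed values:
#   -InactiveDays 90, the exclusion list, and the leaver OU below.
param(
    [int]$InactiveDays = 90,
    [string[]]$Exclude = @('svc-backup', 'svc-monitoring'),        # assumed service accounts
    [string]$LeaverOU = 'OU=Disabled Users,DC=corp,DC=example',     # assumed holding OU
    [switch]$Disable                                                # report only unless set
)

Import-Module ActiveDirectory

$now    = Get-Date
$cutoff = $now.AddDays(-$InactiveDays)

# LastLogonDate is derived from the replicated lastLogonTimestamp, which can lag
# real logons by up to 14 days. That is fine for a review with a 90-day threshold;
# use it to find candidates, not as a forensic timeline.
$stale = Get-ADUser -Filter 'Enabled -eq $true' `
            -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, whenCreated |
    Where-Object { $Exclude -notcontains $_.SamAccountName } |
    Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff } |
    Select-Object SamAccountName, Name, DistinguishedName, PasswordNeverExpires, whenCreated,
        @{ n = 'LastLogon';  e = { if ($_.LastLogonDate) { $_.LastLogonDate } else { 'never' } } },
        @{ n = 'PwdAgeDays'; e = { if ($_.PasswordLastSet) { [int]($now - $_.PasswordLastSet).TotalDays } else { -1 } } }

# Oldest passwords first: these are the accounts from point (1) above.
$stale | Sort-Object PwdAgeDays -Descending |
    Format-Table SamAccountName, Name, LastLogon, PwdAgeDays, PasswordNeverExpires, whenCreated -AutoSize

Write-Host ("{0} enabled account(s) with no logon in the last {1} days" -f @($stale).Count, $InactiveDays)

if ($Disable) {
    foreach ($u in $stale) {
        # Record why and when the account was disabled so the next reviewer has the history,
        # then move it out of the live OUs so it is visibly a leaver, not a current user.
        $note = "Disabled {0} by stale-account review; last logon {1}; password age {2} days" -f `
                $now.ToString('yyyy-MM-dd'), $u.LastLogon, $u.PwdAgeDays
        Disable-ADAccount -Identity $u.SamAccountName
        Set-ADUser        -Identity $u.SamAccountName -Description $note
        Move-ADObject     -Identity $u.DistinguishedName -TargetPath $LeaverOU
    }
}
```

Run it once without -Disable, confirm with HR that every name on the list has actually left (an account that looks stale may belong to someone on long-term leave), and only then re-run with -Disable. Disabling rather than deleting keeps the account's SID, group memberships and mailbox available for the investigation described in point (2) above, should one ever be needed. A quicker first pass, without the password-age column, is the built-in `Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly`.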
This is one of the various checks that we perform in our IT Security reviews, and for me it is one of the most important. Therefore, I thought I would bring it to everyone’s attention at the start of the year so that as 2021 progresses, you can put a robust process in place for any future staff that leave your organisation.
Our IT Security Audit covers checks in the following areas: network checks, password checks, Microsoft 365 checks, firewall checks and an external vulnerability scan of your external IP(s).