(Updated 02/03/2021)
In a public service announcement the FBI stated that disgruntled and former employees cost companies anywhere between $5,000 to $3 million dollars in cyber incidents after leaving the organization.
According to recent research from Gartner, “seeking harm and revenge on employers is a bigger incentive for insider threats than is stealing money.”
This is why, when an employee turns in his notice, is written-up for an infraction, is generally disgruntled, or believes they may be part of a reduction in force, it’s time to put insider threat program best practices into action.
7 Tips and insider threat best practices to Protect Against High-Risk Employees
- Enforce strict data policies. Securing your company’s intellectual property should never be a secondary priority. The moment someone is hired, policies that regulate how data is transferred and handled should be made clear.
- Immediately change the password access to computers after an employee leaves. This prevents them from accessing any sensitive data after their termination. Make sure you do the same for any shared company accounts the employee might have access to.
- Make sure vendors and third parties know of this employee’s termination so they can also de-authorize their account and prevent access to any sensitive data in the future.
- Ensure departing employees do not have company data on personal devices. Before a high-risk employee leaves the organization, check whether they have company data on their personal computers, mobile phones, tablets, etc.
- Regularly review employee access controls. If there’s no need for an employee to access a particular account, revoke their permission. Additionally, consider restricting the use of remote login applications or cloud storage applications on corporate accounts.
- Educate employees on password best practices. This includes creating and maintaining strong passwords. Avoid using shared logins and passwords for desktops, servers or networks. As tedious as it might be, every password should be long and varied with numbers and text. Make it mandatory for employees to change their passwords on a quarterly basis.
- Take advantage of user monitoring technology. If an employee knows that they’ll be much less likely to copy files they should not have access to, email proprietary information outside of the company, or print large amounts of confidential data. User activity visibility is one way that companies can figure out exactly what happened and who is responsible for insider threat security violations.
Final Thoughts
Employees with a grudge have a lot to gain. They can use stolen data to get a competitive advantage in a future job, sell data over the black market, make fraudulent transactions or publicly release damaging information about internal practices. They are also capable of restricting access to company websites and disabling critical functions, incurring significant costs, and running risks that your company does not want to take.
Without an insider threat protection strategy in place, many companies will end up reacting to a breach instigated by a high-risk employee, instead of preventing one. Ensure the safety of critical company data with an insider threat solution that protects against high-risk employees and other threats.
Subscribe to the Proofpoint Blog