Although we often hear about the threat of foreign cyberattacks, the truth is that one of the biggest threats to small and medium-sized American companies is former employees.
An AppRiver survey finds that 24 percent of small and midsize businesses (SMBs) are concerned that attacks will come from dissatisfied ex-employees rather than publicized threats from nation-states, rogue hacktivist groups, or lone wolves. Such fears appear to be on target: 20 percent of organizations say they’ve been hit by former workers.
In addition, the lack of security resources at SMBs, such as a dedicated IT department, can mean that disgruntled former workers may have an easier time accessing the system and causing harm.
“Today, six in 10 U.S. SMBs go out of business within six months of a successful cyberattack,” says Troy Gill, a senior security analyst at AppRiver. “The lack of preparedness becomes a dangerous weapon for cybercriminals.”
Here are some steps SMBs can take to reduce the threat from former workers:
- Remove employee access. This may seem like a no-brainer, but companies often fail to immediately take away a former worker’s access. Part of the reason is that it can be time-consuming, taking up to an hour to erase one worker’s accounts. Or human resources may not be in direct communication with whoever is responsible for halting access, which leaves the former employee with access until tech catches up with the HR directive.
- Check devices. A departing employee’s mobile devices need to be checked to ensure they don’t contain confidential company information. Hard drives may need to be destroyed if confidential information is found.
- Change passwords. Employees should never share passwords or usernames for remote desktops, and administrative passwords to servers and networks should be changed when an IT employee leaves, the FBI advises. In addition, third-party service companies providing email or customer support should be notified immediately when an employee has left the company.
- Understand the threat. The National Cybersecurity and Communications Integration Center says that employers need to understand the characteristics of insiders at risk of becoming a threat. Those characteristics include an inability to assume responsibility for one’s actions, intolerance of criticism, a pattern of frustration and disappointment, and a lack of empathy. “One of the best preventive measures is to train employees to recognize and report behavioral indicators exhibited by peers or business partners,” the center advises.
- Issue a warning. When an employee leaves, make sure he or she is clearly informed of the legal consequences of using a company device or using any means to access the system. Also remind departing employees that they are not allowed to take any company information or property with them, and be vigilant even with those who leave on good terms.
Finally, companies should set up preventive measures from Day 1 of any worker’s employment. A policy should state “acceptable use” of the company’s data and emphasize that the employer may monitor any activity on a company device, whether that activity is personal or not. By training every employee—and having them sign a statement acknowledging their training—companies can set clear expectations for all employees.