Disgruntled Employees Cause Most Data Breaches: Is Your Company Prepared?

In 2016, boot maker Lucchese fired its IT administrator. An hour later, the company's servers stopped working. The former IT administrator had used a hidden account -- meant to look like a network printer -- to access the network remotely and delete system files from the servers. The factory lost a full day of revenue.

A court eventually sentenced the fired IT administrator to more than a year in prison and ordered him to pay Lucchese $59,000.

Do you believe that escorting terminated employees out of the office is enough to ensure the protection of your company's critical data? Think again.

Right now, your organization may have a rogue employee who has created a backdoor for illicit access to your network. Rogue elements can exist within any corporation, and there's no telling what a disgruntled employee with network access could do. According to a 2016 IBM report, company employees and former employees cause 60 percent of data breaches.

In this article, we'll examine some of the steps that your company can take now to protect crucial data from disgruntled employees.

Force Password Changes After Employees Leave the Company

It's likely that you immediately revoke the network access of terminated employees. In the case described above, though, the terminated employee had collected the passwords of other employees -- so revoking his network access would have had no effect.

Consider creating a network policy forcing all users to log out and change their passwords when an employee leaves the company. Forcing all network passwords to expire immediately following a personnel change prevents the terminated employee from logging in as another user. It may also disable any network backdoors that the terminated employee has created.

Implement Two-Factor Authentication

If your company uses a cloud-based service for maintaining user accounts, it's easy to deter unauthorized access with two-factor authentication. With two-factor authentication, a user needs two things -- usually a password and a physical device such as a smartphone -- to log in.

After a user enters his or her network password, the physical device displays a second code that the user must enter to complete the login process. Although two-factor authentication can't prevent all forms of network intrusion, it does prevent a disgruntled employee from logging in as another user unless he or she also steals that user's smartphone.

Implement Company-Wide Data Backups

The terminated Lucchese employee was able to shut down an entire boot factory for a day simply by deleting files from a few servers. If the company had a robust backup policy, the act would have resulted in minutes -- not hours -- of lost productivity.

The cloud offers unlimited data storage. Utilize it by implementing an automatic backup scheme for all of your company's critical files.

Monitor User Activity Closely

Your network administrators should monitor user behavior closely to identify potential signs of malicious activity. Some of the activities that your network should flag for further investigation include:

  • Repeated unsuccessful login attempts
  • Unusually large transfers of data to destinations outside the company
  • Bulk data deletion
  • Access to unusual external websites

Cloud-based security software can use artificial intelligence -- or rules that you provide -- to identify potentially malicious activity and send warnings to network administrators.
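As an added illustration (not part of the original article or any vendor's product), the following Python sketch shows what "rules that you provide" could look like for the four activities listed above. The log format, thresholds, and host names are assumptions constructed for the example, and counts are taken per user over the whole log supplied rather than over a sliding time window.

```python
from collections import defaultdict

# Thresholds and names below are illustrative assumptions; tune to your baseline.
MAX_FAILED_LOGINS = 3
MAX_OUTBOUND_BYTES = 500_000_000
MAX_DELETED_FILES = 1000
INTERNAL_SUFFIX = ".corp.example"        # hypothetical internal domain
KNOWN_EXTERNAL = {"crm.vendor.example"}  # hypothetical approved external sites

# Constructed sample log, one event per line: timestamp user event target quantity
# (quantity = bytes for "transfer", file count for "delete", 1 otherwise)
SAMPLE_LOG = """\
2024-05-01T08:58:10 asmith login_ok vpn.corp.example 1
2024-05-01T09:00:01 jdoe login_fail vpn.corp.example 1
2024-05-01T09:00:07 jdoe login_fail vpn.corp.example 1
2024-05-01T09:00:12 jdoe login_fail vpn.corp.example 1
2024-05-01T09:14:40 asmith transfer files.corp.example 900000000
2024-05-01T09:20:03 bnguyen transfer upload.external.example 750000000
2024-05-01T09:31:55 bnguyen delete fs01.corp.example 4200
2024-05-01T09:40:19 asmith web paste.external.example 1
2024-05-01T09:41:02 asmith web mail.corp.example 1
"""

def flag_activity(log_text):
    """Return sorted (user, rule) alerts for the four activity types listed above."""
    fails, sent, deleted = defaultdict(int), defaultdict(int), defaultdict(int)
    alerts = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # skip blank or malformed lines
            continue
        _ts, user, event, target, qty = parts
        external = not target.endswith(INTERNAL_SUFFIX)
        if event == "login_fail":
            fails[user] += 1
        elif event == "transfer" and external:   # only data leaving the company
            sent[user] += int(qty)
        elif event == "delete":
            deleted[user] += int(qty)
        elif event == "web" and external and target not in KNOWN_EXTERNAL:
            alerts.add((user, "unusual_external_site"))
    alerts |= {(u, "repeated_failed_logins") for u, n in fails.items() if n >= MAX_FAILED_LOGINS}
    alerts |= {(u, "large_outbound_transfer") for u, n in sent.items() if n > MAX_OUTBOUND_BYTES}
    alerts |= {(u, "bulk_deletion") for u, n in deleted.items() if n >= MAX_DELETED_FILES}
    return sorted(alerts)

if __name__ == "__main__":
    for user, rule in flag_activity(SAMPLE_LOG):
        print(f"ALERT {rule}: {user}")
```

Note that the large internal transfer by the constructed user asmith is not flagged, because the rule only counts data sent to destinations outside the company.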

Restrict User Access

Do any of the people in your company have network access that they don't really require? Define users' boundaries clearly by restricting their access to only the files that they require for work. Restricting users' access doesn't completely eliminate the possibility of a data breach, but it does limit the avenues through which data can escape.

Wipe Devices Remotely

Allowing employees to bring their own devices to work often increases productivity. Employees love to use familiar devices. A BYOD policy also allows employees to work from home when necessary. The potential peril of a BYOD policy, though, is that it creates a situation in which company-owned data resides on an employee-owned device.

If you allow your employees to bring their own devices to work, wipe devices remotely when their owners leave the company. A man has sued his former employer for wiping his device remotely. He lost the lawsuit.

Nevertheless, you may want to minimize your potential liability by having employees sign waivers before they begin bringing their devices to work.