When an employee leaves a company, especially on bad terms, there’s always a risk that they could try to negatively impact your organization in the future. With internal data breaches becoming increasingly prevalent, organizations need to be prepared for employees who are seeking retribution against the company.
Matthew Keys was terminated from his position at the Sacramento-based television station KTXL Fox 40, which is owned by Tribune Co., in October 2010. In December 2010 he shared private log-in credentials to a computer server owned by Tribune Co. to hacker group Anonymous, and encouraged the group to interfere with the website. Anonymous, in turn, was able to change the headline of a news story appearing in the online version of the Los Angeles Times, also owned by Tribune Co. Keys apparently shared administrative privileges with the hacking group, and through chatroom discussions encouraged them to meddle in the online properties of Tribune Co. Keys is currently being indicted on three counts of hacking-related felonies which carry both prison time and harsh monetary penalties.
Employees leave organizations every day. Whether they’re leaving on their own terms, or have otherwise been terminated, it’s important to consider the impact this could have on your business. Did the employee have access to sensitive corporate or customer information? Were they in charge of your web properties or social accounts? These are all things to consider. It’s important that your organization is always taking proactive steps to protect itself.
Upon the departure of an employee, be sure to get your IT department involved. There’s more to do than just ensuring that the employee has turned in their corporate mobile device and laptop. Make a list and check it twice – while the thought of missing something as crucial as cancelling computer access for past employees may seem laughable, you don’t want to run the risk.
If an employee is leaving a company, consider all the accounts, networks, etc that they have had access to in their tenure. Even if you feel as though the employee is leaving on good terms, protect the security of your business by changing all passwords, and potentially usernames, they may have used. Be thorough in your quest to revoke permissions – you don’t want to miss anything. If you haven’t already, be sure your organization has a policy in place that forces all employees to change their passwords on a rotating basis. Two factor authentication will provide another layer of protection for your secure documents.
While you may strive to give people the benefit of the doubt in your day-to-day life, this is one area where you want to ensure you’re through. Your organization’s reputation, and more importantly the security of your customers, could depend on it.
Have do you ensure you’re protected against potential attacks from past employees? Let us know in the comment section below.