In a small business environment, there are many roles you, as an owner or supervisor, have to deal with. One of the most difficult tasks is letting someone go. Obviously the relationship has reached a point where it is no longer beneficial for the company. This could be for financial reasons, or it could be based on the employee’s performance. Regardless, there are many boxes to check when an employee is terminated. There’s the legal, compliance, financial, maybe hiring a replacement, onboarding new staff, reshuffling responsibilities… the list goes on. But when any employees are let go, the first item on your to-do list should be to remove ex-employee access to your corporate data and accounts immediately. Otherwise it can come back to bite you… and your company… badly!
Not only are you leaving security holes in your operations, but you are also opening your business up to malicious abuse from former employees. While rare, it does happen. And it has been increasing. If an employee had keys to your premises and you fired them, you’d ask for the keys back, wouldn’t you? And you’d take away their alarm code. Same thing with their credentials to your company’s digital assets (email, computers, network, cloud services, etc.).
The Scope of Ex-Employee Access
Are you confident that former employees won’t have access to company information? This is a very important question. A Kaspersky research team recently examined how prepared small and medium-sized businesses (SMBs) are for cyberincidents. Nearly half of SMBs that were surveyed were not certain that their data could not be accessed through corporate accounts or cloud services by dismissed employees.
The Scope of Damage from Ex-Employees
Ex-employees who still have access to information systems or work services can cause serious damage to their former employer. SMBs are often concerned about perceived threats like former employees using company data to start their own business, or taking over a job with a competitor and taking the company’s customers. These threats are not likely to cause business damage.
But an ex-employee who has access to customer data that includes personal information… that’s potentially damaging. They could either sell it or leak it into the public domain in retaliation for being fired. This could seriously damage your company’s reputation and put your business at risk. Customers might sue you for damages or for their personal data being leaked. Regulators may also fine you. This depends on the laws in your country, but there is a rising trend to tighten penalties for leaks. That’s why you need to remove ex-employee access immediately.
Examples of Damage Done By Former Employees
There is a growing number of examples of ex-employees seeking revenge. And because their access had not been revoked, they were able to do significant damage.
Redirecting Traffic
For example, an IT system administrator was laid off. He tried to get his job back by disrupting the operations of his former employer, a prominent financial firm in Hawaii. Casey K. Umetsu was 40 years old and worked for the company as a network administrator from 2017 to 2019, when his employer ended his contract.
In a press release, the U.S. Department of Justice stated that the defendant pleaded guilty to accessing his former employer’s website and changing configuration settings to redirect email and web traffic to other computers.
Umetsu used his credentials from his former employer to access the company website’s configuration settings. He made many changes, including misdirecting web traffic to unaffiliated computers, which in turn incapacitated the company’s email and web presence.
Umetsu confessed that he did this to persuade his ex-employer to hire him again at higher pay.
U.S. Attorney Clare E. Connors stated that Umetsu had criminally abused his employer’s special access privileges to disrupt its network operations for personal gain. “Those who compromise security of a computer system – government, business or personal – will face criminal prosecution, as well as technology personnel whose access was authorized by the victim,” Connors said.
After the victim company reported the cybersecurity incident, the FBI was notified and the company found out who was responsible. Umetsu awaits sentencing, which will be delivered on January 19, 2023. He faces a maximum sentence of 10 years in prison and a possible fine of up to $250,000.
Umetsu’s actions were a cause for concern, but the security practices of the company cannot be ignored. Umetsu used credentials that should have been revoked at the time he was fired.
Wiping Files & Databases
Another example is that of an ex-database admin with a real estate brokerage. He issued warnings to his ex-employer, but they went ignored and he wiped four databases and application servers. Because of this, large portions of the firm’s operations were immediately crippled and tens of thousands of employees went unpaid for an extended period.
Another fired employee of a credit union hacked into the computer systems of her former employer in September 2021 and deleted 21GB of valuable business data. The wiped files included the company’s anti-ransomware protection software and customers’ mortgage loan applications.
Employees who are unhappy have a strong incentive for revenge. They could wipe data, sell access credentials on the dark web, or use them as their own. That’s why you need to remove ex-employee access to accounts and digital assets immediately.
Non-Malicious Risks
Many issues are not caused by ex-employees or direct leaks. Ex-colleagues may not remember that they had access to this-and-that resource. However, routine checks by the same regulators could reveal that unauthorized persons have access to confidential data. This would result in a fine.
Even if you are certain that you have ended up on good terms with everyone involved, it doesn’t mean you’re done. It’s impossible to guarantee that they did not use a weak password to access work systems, one that attackers could brute-force or obtain from a leak. The attack surface increases if there is redundant access to any system, whether it’s a collaborative environment or work e-mail. Social-engineering attacks could even be launched from a casual chat between colleagues over non-work-related issues.
How To Reduce The Risk From Ex-Employees
Organizational measures are the most common way to prevent data leakage through accounts of ex-employees. Implement the following as part of your business operations to reduce risk of malicious and non-malicious threats:
- Reduce the number of people who have access to corporate data.
- Establish strict access policies for corporate resources, including e-mails, shared folders, and online documents.
- Keep a detailed access log. Record who was granted access and when.
- If an employee leaves the company, remove ex-employee access immediately.
- Give clear instructions for changing and creating passwords.
- Provide regular cybersecurity awareness training for employees, like that offered by Kaspersky.
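An added example, not part of the original article: one way to use the access log recommended above to check that every departure actually led to revocation. The log format, user names, resources and dates are all constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article): an access log recording who
# was granted what and when, plus the date access was revoked (blank = still
# active), and an HR roster mapping departed users to their last day.
ACCESS_LOG = """user,resource,granted,revoked
akim,email,2019-03-01,2022-06-30
akim,dns-registrar,2019-03-01,
akim,payroll-db,2020-01-15,2022-07-12
bsato,email,2021-05-10,
bsato,shared-drive,2021-05-10,
cdiaz,crm,2018-11-02,2022-09-01
"""
DEPARTURES = {"akim": date(2022, 6, 30), "cdiaz": date(2022, 9, 1)}


def audit_offboarding(access_csv, departures, today):
    """Return (user, resource, days_exposed, still_open) for every grant that
    outlived its holder's last day. Still-open grants come first, then the
    longest exposure."""
    findings = []
    for row in csv.DictReader(io.StringIO(access_csv)):
        left = departures.get(row["user"])
        if left is None:
            continue  # current employee: out of scope for this check
        revoked = date.fromisoformat(row["revoked"]) if row["revoked"] else None
        # A grant with no revocation date is treated as exposed up to today.
        exposed = ((revoked or today) - left).days
        if exposed > 0:
            findings.append((row["user"], row["resource"], exposed, revoked is None))
    return sorted(findings, key=lambda f: (not f[3], -f[2]))


if __name__ == "__main__":
    for user, resource, days, still_open in audit_offboarding(
            ACCESS_LOG, DEPARTURES, date(2022, 10, 1)):
        status = "STILL ACTIVE" if still_open else "revoked late"
        print(f"{user:8} {resource:15} {days:4} days after departure  {status}")
```

Access revoked on the last day itself is not flagged; anything later, or never revoked, is.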
The Final Score: Remove Ex-Employee Access Immediately
While letting someone go in your business can be stressful, remember to revoke their access to your corporate data and accounts. With a growing number of cases of ex-employees seeking revenge on former employers by causing digital damage, you’d be wise to remove access credentials of former employees immediately. Before it bites you in the butt. That goes for small and medium-sized businesses too, especially when roles are fuzzy, time is short, and you’re simply trying to get through the day. Be smart and stay safe.