Cybersecurity risks can come from both current and ex-employees. Employees are often a weak link when it comes to security, usually due to carelessness or ignorance. Ex-employees may still have access to company data which is concerning in a world where companies have a legal obligation to safeguard personal data. They may act maliciously if their services are terminated. Removing their access to systems is critical to mitigating the risks of future data breaches or other security incidents.
Table of Contents
Potential risks from current employees
Cybercriminals will often get inside an organization by using employees as an entry point. They will use phishing emails, target weak passwords, and sophisticated social engineering tactics to trick them.
According to a report, careless or uninformed employees are one of the largest risks to cybersecurity. They will often try to hide security incidents which can increase their overall damage and consequences for a business.
A data breach survey in 2021 revealed that over 90% of organizations experienced data breaches, with human error being the main cause of serious incidents. Other surveys have shown that phishing is often the number one cause of a breach. Other human errors, such as misdelivery and misconfiguration, are also responsible for breaches. Verizon found that malware problems were also related to human error, such as downloading suspicious email attachments.
Security threats need to be quickly identified to mitigate the risks. Next-generation security software can prevent phishing, malware, APTs, and impersonation. It can also prevent BEC attacks (business compromise attacks) with the scale, speed and agility of the cloud.
Why are internal threats on the rise?
Crowd-based research gave several reasons for the increase in security threats from employees.
- More devices have access to sensitive data
- More employees access networks
- More complex technology
- More use of cloud apps and infrastructure
A study found that about 50% of respondents to a survey admitted that they allowed friends or family to use a work-issued device. The motivation behind such actions may be completely harmless, but it increases the risk of someone clicking on a harmful link in a phishing email.
Accidental and improper sharing of data by employees increased during the pandemic. A worrying number of employees still tend to use weak passwords, and password reuse is still very common. Cloud storage and limited access is a big solution to this problem but businesses worldwide are still new to it and taking time to implement measures.
Examples of internal threats
- In 2021 the city of Dallas suffered major data losses due to employee carelessness. An employee managed to delete over 8.5 million important police files, most of which came from the family violence unit. The employee did not have enough training on how to remove files from cloud storage.
- In 2021, a group of lawyers at Elliott Greenleaf Law firm began stealing files and deleting emails. The purpose was to help a competing law firm open up a new office. They were planning and taking malicious action for about four months before it was noticed.
Potential risks from ex-employees
Most ex-employers do not have malicious intentions, but it takes just one to cause a problem. The danger applies as much to employees who leave a company voluntarily as to those who are terminated. Those who leave voluntarily may have the same username and password combination for another account. If that account is compromised, hackers could try to use the login details to access a corporate email address.
In a Beyond Identity survey conducted in 2021, responses from ex-employees across the globe indicated that more than 80% of employees maintained continued access to accounts of previous employers. Some of them had the specific intent of doing harm.
The most obvious way ex-employees can access company data is when they still have access to passwords. It’s important not to wait until an employee actually leaves to change passwords. Disgruntled employees can act maliciously in their final days. A professional and detailed offboarding process could prevent unauthorized access to passwords or email accounts by ex-employees.
Examples of malicious actions by ex-employees
- In November 2021, an ex-employer at South Georgia Medical Center downloaded private data to his USB drive the day after he quit. He leaked the birth dates, names and test results of patients. The center had medical security software in place that gave the alert, so they noticed quickly and terminated the incident.
- One of the main methods attackers used to breach corporate networks in the Nefilim ransomware attack of 2021 was to use the still active login credentials of ex-employees.
Put more controls in place
Organizations can boost their cybersecurity by putting more controls in place. For example, using the principle of least privilege means they limit the data to which each employee has access, and this lowers the chance of it falling into the wrong hands.
Access control can also mitigate errors like misconfiguration. Requiring more than one person on certain tasks means fewer human errors go unnoticed.
Organizations should mandate the use of a password manager for all work-related accounts and set up platforms to require 2FA or MFA. Implementing single sign-on can also improve security, as one password gives access to multiple accounts.
Conduct cyber security awareness training
It’s important for companies to take a positive approach to cybersecurity and make it non-punitive, so employees are more likely to report incidents.
Many businesses across the globe are spending more on cybersecurity awareness training for their employees. Gartner estimates that training will be worth about $10 billion by 2027.
If companies want to gain customer trust, they need to make sure they take their security seriously. Data breaches can be a major reason for customers not to trust a business anymore.
Conclusion
Employees and ex-employers can be a liability when it comes to cybersecurity. Sometimes this is simply due to negligence or being uninformed, but in other cases, they have malicious intent. The above measures can help you to minimize the impact of such threats. Putting company-wide safeguards in place and meticulously handling the onboarding and offboarding of employees can help make a difference.
