This recession has shown many companies just how unprepared they are for internal attacks. Companies are cutting their budgets and laying off employees to save money. But such layoffs can turn faithful, loyal employees into vengeful, ticking time bombs. And as layoffs increase, the problem is only going to get worse.
I’ve seen many companies fret about the big-name external viruses promoted in the media while their internal systems are ripe for internal attack. Remember, 80% of attacks occur inside the network on average. But I’m sure that number is above normal at the moment due to the current economic climate.
Acting out of desperation or anger, employees use their inside access or knowledge about your systems to deface or delete valuable information, or spread information. Like the thief stealing a loaf of bread to feed his starving family, desperate ex-employees facing mortgages or medical bills may embezzle funds or sell trade secrets to competitors.
The key is controlling access. I have seen too many companies without adequate policies and procedure in place that promote swift and thorough security practices during employee termination. Often, I’ve found login access of ex-employees who have not been with the company for years.
You wouldn’t let an employee leave their job without taking away their keys to the company building – your company network shouldn’t be any different. As cruel as it sounds, Iy suggest disabling access before handing out the pink slip just to be safe. Coordination is key. It can take only minutes for an employee with high privileges to cause staggering losses.
What’s worse is cutting loose employees who designed or installed your systems because they know exactly how to dismantle them. IT workers can create logic bombs set to detonate and wipe out your systems long after the ex-employee has fled the scene. Employees in finance know where the money is, and can redistribute or embezzle funds.
You have a responsibility to protect your other employees from the potential damage an ex-employee can cause. Security awareness, with a focus on building employees that detect problems, can help dramatically. And always have a security policy in place with specific procedure to follow when terminating employees.
If your company is concerned about saving money, then understand that letting go of employees can cost you much more than it can save if they decide to take revenge. I always profess that IT security breeds process automation, and this is a good example where an investment in IT security will save you money in the long run.
You must log in to post a comment.