Protecting an organization from data breaches by ex-employees

An Employee’s last day at an organization often consists of either a “Well he’s a jolly good fellow” song and a cake, or having an HR Person stand over someone while they pack up their cube into boxes and get escorted out of the building. While the latter is more predictive of someone leaving the organization with a bitter taste in their mouth, both scenarios represent a potential risk to the organization if their departure is not handled appropriately from an Information Technology (IT) perspective.

There are cases of ex-employees reeking serious havoc on their past employers that caused massive financial losses, adverse impact to customers and internal scrambles to rectify the issue. Such examples include OFCOM, the communications regulator in the UK. An ex-employee made the poor decision of sharing over six years’ worth of data with their prospective employer. This was one of the “lucky” cases as the prospective employer chose not to utilize the data. Another well-known example is the Marriott Hotels breach in 2016. A disgruntled ex-employee decided to log into Marriott’s internal systems after being let go, all from the comfort of their own home. Once logged in, the ex-employee began lowering room rates associated with active hotel reservations. This cost Marriott roughly $50,000.

It is mind boggling to think that after an employee leaves an organization over 58% of them still have access to their previous organization’s corporate network. With so much work put into removing their badge so they cannot access the front door, why is the same diligence not put forth to protect an organization’s most valuable assets, their internal data.

An organization must take accountability to eliminate the threat of inappropriate access to internal networks by ex-employees. Human Resources and IT can break down the silos and work together. Companies like onelogin can help your organization be proactive and prevent the intrusions from happening before they cost your organization a security disaster.

Leave a Comment

Your email address will not be published. Required fields are marked *