It continues to be a hot topic that we’ve touched on before on our blog and social media: the idea that current and former employees can be a risk to your organization. It’s not always something c-suite execs want to think about, but if security is a priority, it’s time to accept that this risk is real and that it could happen to you.
Recently, Fox Business news reported about a Florida-woman who worked as the head of human resources at a Manhattan-based online professional services provider. While specifics were withheld about the company’s name, this is the part that matters: after the company let her go, the woman proceeded to rampage through the company’s computer system. In the process, she deleted over 17,000 job applications, destroyed data, and even left messages with profanities. She was later convicted for the digital havoc wreaked on the company’s computer system, being found guilty for intentionally causing damage to a protected computer and recklessly causing damage (source).
What’s more? In addition to data loss, the company was forced to spend over $100,000 to rebuild its rampaged system.
While this woman’s crimes were specific to her former job duties in human resources, thus giving her access to data like job applications, it’s important to note that other employees may have access to even more sensitive data. All former employees should be adequately off-boarded and considered a threat after they exit a company.
What does proper off-boarding entail (from an IT perspective)?
- Make a list of all login credentials maintained by the former employee and delete them.
- For any shared passwords, change the shared password (furthermore, consider getting rid of all shared passwords due to the security risk they pose. Learn more about that in our blog on the risk of shared passwords here).
- Collect all devices maintained by the former employee.
- For any devices maintained by the former employee, have your IT security team wipe them clean before other employees use them.
While you may be ready to be done with former employees, don’t move on until you’ve completed proper due diligence in off-boarding that employee. It does matter for the sake of your IT security.
Need help with off-boarding your employees? PK Tech can help. We make sure all of our clients are correctly off-boarding their former employees for optimal IT security. Get in touch with us here if you have questions.