Published: August 06, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
It’s no secret that a disgruntled employee can be a formidable insider threat to their employer. The digital world drastically changed what “loss” means for employers today, and not for the better. Recent findings by Ponemon Institute and Tessian finds 27% of staffers with an axe to grind can do serious harm to their employer by intentionally leaking company data.
With the enormous amount of digital information organizations hold, including company intellectual property, it only takes one spiteful staffer to exploit it. Depending on the type of business, the data at risk also includes that of clients, customers, and vendors.
Information like Social Security numbers, national ID’s, credit card numbers, and company intellectual property can all be up for grabs with a malicious insider. Damage to business reputations can happen in a nano second and losing consumer trust is often a tragic side effect of data loss. Depending on the extent of damages, some devastated organizations find recovery is no longer an option.
Data Loss Expected but Not Protected
Not all data loss is intentional since contented employees make errors, however, it can still be costly. One-third of organizations say they lost a client after an email was mistakenly sent to the wrong person, according to a Tessian study. Accidents do happen, but research continues to show how inept the corporate world is at securing data access and devices when employees leave the company.
Research from Beyond Identity finds just 9% of those leaving a job required involving a company IT professional, 31% involved an HR representative, 33% involved their boss, and 13% involved a co-worker. Further, just 50% who left their job were required to return their work devices. They also find nearly 56% of the departed used their still-accessible work account for employer harm, and 70% of fired staffers followed suit.
The ongoing threat of data loss due to employees, mostly by the disgruntled, is currently in the hands of the employers to fix. Ponemon Institutes chairman puts business data loss into perspective “Our findings prove the lack of visibility organizations have into sensitive data, how risky employee behavior can be on email, and why enterprises should view data loss prevention as a top business priority…”
Despite the startling statistics, there are steps for corporate America to take to protect their own data security and that of their clients.
Always ensure internet connected servers are properly set up. There is an overwhelming number of data breaches and network intrusion recorded due to improperly configured cloud servers.
Be sure to apply patches to all devices as soon as possible. Unprotected devices are open to zero-day and other attacks, by the unknown, or by disgruntled former employees.
Have an exit process in place that requires departing personnel to return all keys, devices, and other property. Make sure part of that process is a reminder of any non-disclosure and confidentiality agreements.
Don’t forget to remove their email and all other network access as soon as it is no longer needed.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org