Saturday, November 19, 2022

5 Ways In Which To Keep An Ex Employee From Going Rogue On You

 


With talks of inflation starting to dissipate a little bit, and while the job growth here in the United States seems to be still rather robust, I’ve got to be honest and say that I am a bit surprised to see the total number of tech layoffs that have been happening here in the United States.

Now, it is nothing like when the Great Recession happened, but it is still surprising when all you keep hearing about are the number of Cyber jobs that still need to be filled.

Whatever it is, I hope these people will find something that they are passionate about, and that it will take them to even higher levels.  However, given this trend, there is now a new Cybersecurity fear that is coming up.

And that is, how will terminated employees react when they are let go?  Meaning, is it possible that they could launch an Insider Attack, given all of the knowledge they have about their former employer (especially those that have worked in the IT Department)?

Put another way, how could one of these possibly disgruntled employees make an attempt to cause damage by stealing the datasets that they have worked years on?  The probability in these cases is very real.  Maybe this was not so much a problem a few years ago, but with companies now making the rush to the Cloud, these datasets are now becoming vulnerable to anything that is nefarious.

During the offboarding process, employees are normally asked to turn in their badges, laptops, and any other security tokens that they may have been given during the course of their tenure.  But now this is a complex process, given that many people WFH, that digital tools now perform some of the more mundane tasks, and that there are contracted workers who could be dispersed worldwide.

Just consider some of these stats from a recent survey conducted by Oomnitza:

*10% of the respondents have lost possession of their digital assets after they terminated an employee;

*42% of the former employees try to break into the former employer’s Cloud deployments in order to try to heist some sort of PII dataset.

More details on this survey can be found at this link:

https://www.oomnitza.com/resources/2022-state-of-offboarding-process-automation/

So, all of this now filters down to this basic question:  How can I have an offboarding program that will more or less guarantee that my former employee will not try to cause any harm?  Here are some tips that you can follow:

1)     Process Automation:

As mentioned earlier, whenever an employee left, the checklist used to be quite simple.  But now it has become a complex process.  Because of this, there have been advancements in the area of automation to make sure that not only has everything been returned, but that all accounts, user profiles, and groups that this employee once belonged to are now either deleted or deactivated.  This can be a good thing to have, because with so many rights and privileges being granted, the IT Security team can easily forget to disable something.  As a result, this can be a backdoor for the ex-employee to enter through.

One such automation package that has been given great attention is what is known as “Enterprise Technology Management” solutions, or ETM for short.  In these kinds of software packages, you can enter all of the user groups and profiles that each and every employee belongs to.  So once an employee decides to quit or is terminated, all you have to do is enter the last day that they will work, and everything else is done automatically, in terms of deprovisioning all of the former employee’s accounts.  In the end, nothing is left behind, thus leaving your environment reasonably safe and secure.
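The check that this kind of automation performs can be shown in a few lines. The following Python is an added example, not code from the original post or from any ETM product; the system names, users and field names are constructed for illustration. It compares an HR departure list against an account inventory and reports anything that outlived the employee's last day, including disabled accounts that still hold group memberships.

```python
from datetime import date

# Constructed sample data: HR departure feed (user -> last working day).
DEPARTURES = {
    "jdoe": date(2022, 11, 4),
    "asmith": date(2022, 11, 18),
}

# Constructed account inventory export; system and group names are hypothetical.
ACCOUNTS = [
    {"system": "directory", "user": "jdoe", "enabled": False, "groups": []},
    {"system": "cloud-console", "user": "jdoe", "enabled": True, "groups": ["storage-admins"]},
    {"system": "vpn", "user": "jdoe", "enabled": False, "groups": ["remote-users"]},
    {"system": "directory", "user": "asmith", "enabled": True, "groups": ["finance"]},
    {"system": "directory", "user": "bnguyen", "enabled": True, "groups": ["it-ops"]},
]

def find_leftover_access(departures, accounts, today):
    """Return (system, user, issue) findings for access that outlived the last day."""
    findings = []
    for acct in accounts:
        last_day = departures.get(acct["user"])
        if last_day is None or today <= last_day:
            continue  # current employee, or still inside the notice period
        if acct["enabled"]:
            findings.append((acct["system"], acct["user"], "account still enabled"))
        elif acct["groups"]:
            # Disabled but still a group member: access returns if re-enabled.
            findings.append((acct["system"], acct["user"],
                             "disabled but still in groups: " + ", ".join(acct["groups"])))
    return sorted(findings)

if __name__ == "__main__":
    for system, user, issue in find_leftover_access(DEPARTURES, ACCOUNTS, date(2022, 11, 19)):
        print(f"{system:15} {user:8} {issue}")
```

Running the same comparison on a schedule, rather than once on the last day, catches accounts that are re-enabled or created later in a system the checklist missed.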

2)     It takes a simultaneous approach:

Remember, employee termination now touches just about every department of a business, ranging not only from the IT Security team, but to HR, and even Finance/Accounting.  Once it has been decided that there will be a mass layoff, or an employee gives their two weeks’ notice of their intention to quit, all of these departments need to come together to make sure that all of their own digital assets will be safe.  In terms of HR, they need to make sure that all of their employee records will be intact, and from the finance/accounting perspective, these departments need to make sure that all PII datasets (especially those that contain Social Security numbers and home addresses) will be secure as well.  In other words, there needs to be some sort of policy between these three departments that will serve as a trigger point for simultaneous notification of an employee departure.

3)     The need to have sound IAM policies:

This is an acronym that stands for “Identity & Access Management”.  In short, this is an area of Cyber that stresses the need to make sure that all employee accounts, and their associated rights and permissions, are kept up to date all of the time, and that any escalation in them requires a special review by the IT Security team.  Also, a key aspect of this is the concept of “Least Privilege”.  This simply means that all employees are given only enough access to what they need to support their everyday job tasks.  This even includes the C-Suite and the Board of Directors.  Nobody is immune to this rule, whatsoever!!!  An effective IAM policy will trickle down to the ETM solution, as described previously, meaning there will be no need to do double the amount of work.  It would be ideal if these systems could potentially “cross-talk” with one another in order to keep things updated on a real time basis.

4)     Pay close attention to the Hybrid Cloud:

This is where the Public and Private Cloud deployments intersect with each other.  In today’s world, many applications are being put into this kind of environment in order to save time on deciding exactly where else to put the SaaS applications.  This simply means that some people will have certain access to some apps, and some won’t.  It is one thing if applications were being loaded up one at a time, but now the corporate world is finding itself deploying many of them all at once.  With this comes the confusion as to who has access to what, which can lead to data leakage issues.  Therefore, special attention needs to be given to the Hybrid Cloud if you are making use of one.  I know that Microsoft Azure provides tools that you can use for almost free to help fortify your Hybrid Cloud.

My Thoughts On This:

Letting go of an employee, for lack of a better term, sucks from both sides of the fence.  If you are faced with this situation as a manager, you need to try to be as cordial and understanding as possible.  You need to show empathy, and offer all of the support that is within your means, especially when it comes to severance packages, and reimbursing for unused vacation and PTO time.

Try to provide ways for your soon to be ex-employee to find another job. 

Taking this kind of approach can prove to be just as fruitful in avoiding any subsequent security breaches as well.  Also, keep an eye out for any malicious behavior for up to two weeks after the employee leaves your business.  This is the peak time for Insider Attacks to happen, and according to a survey by Cyberhaven, 83% of rogue behavior occurs in this time span.  More information about this can be seen here:

https://www.cyberhaven.com/blog/2022-insider-risk-report/
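One way to watch that two-week window is to scan authentication and access logs for any activity under a departed user's identity after their last day. The Python below is an added example, not from the original post; the key=value log format, the users and the addresses are constructed, and the 14-day window is taken from the recommendation above.

```python
from datetime import datetime, timedelta

WATCH_WINDOW = timedelta(days=14)  # the two-week period described above

# Constructed: end of the last working day per departed user.
LAST_DAY = {"jdoe": datetime(2022, 11, 4, 23, 59, 59)}

# Constructed log lines in a hypothetical key=value format.
LOG_LINES = [
    "2022-11-04T16:02:11 user=jdoe action=login src=198.51.100.7 result=success",
    "2022-11-06T02:14:09 user=jdoe action=login src=203.0.113.40 result=failure",
    "2022-11-06T02:15:31 user=jdoe action=download src=203.0.113.40 result=success",
    "2022-11-07T09:00:00 user=bnguyen action=login src=198.51.100.9 result=success",
    "2022-11-25T11:30:00 user=jdoe action=login src=203.0.113.40 result=failure",
    "garbage line without fields",
]

def parse(line):
    """Split one log line into (timestamp, fields); return None if malformed."""
    stamp, _, rest = line.partition(" ")
    try:
        when = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
    return (when, fields) if "user" in fields else None

def post_departure_events(lines, last_day, window=WATCH_WINDOW):
    """Return every event by a departed user that happened after their last day."""
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # skip lines that do not match the expected format
        when, f = parsed
        cutoff = last_day.get(f["user"])
        if cutoff is None or when <= cutoff:
            continue  # current employee, or activity before departure
        # Failed attempts count too: they show someone trying the old identity.
        phase = "watch-window" if when - cutoff <= window else "after-window"
        alerts.append((when.isoformat(), f["user"], f.get("action"), f.get("result"), phase))
    return alerts
```

Any hit here also means deprovisioning missed something or the credential is still being tried, so each alert should feed back into the offboarding checklist.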
