If you run your own business, you may have had to ask an employee to leave. There could be all sorts of scenarios where you were forced to let a staff member go. Whatever the problem was, that’s a solution – but is that the end of it? Even if culpable, nobody likes being fired, and some may be aggrieved enough to retaliate. Could they take steps to harm your business, and how can you protect yourself against angry ex-employees?
A survey by Cyber-Ark showed that almost half of employees would seek retribution if they lost their job unexpectedly. One way of getting revenge is to take company data with them as they walk out of their door with their cardboard box of personal belongings. If an employee has worked for a company for years, enjoying job security, they may well feel that they’ve been mistreated. It seems to be almost part of human nature to react this way.
It doesn’t really matter what the circumstances were, or even if the employee has good reason to feel angry about how they’ve been treated. Retaliation is still a problem, and the point is that irate former staff members can pose a risk. It’s one thing if somebody takes a pile of office supplies with them when they leave. It’s quite another matter if someone takes information that is essential for your business, including confidential company data, financial information or passwords that provide access to your network or records.
We’re not talking hypotheticals here. Ask Home Depot. Back in 2014, they had a serious data breach incident, in which the credit card and email details of over fifty million credit card customers were illegally accessed. This wasn’t just the usual story that we’ve become familiar with, where anonymous hackers manage to get through a firewall to steal data. It was eventually established that the person responsible was Home Depot’s former Senior Architect of IT security, Ricky Joe Mitchell.
Mitchell’s motivation was sabotage. As well as the general PR damage done by this incident, it also transpired that, if Home Depot had been a bit more vigilant, they might have known he’d done something similar before.
According to ArsTechnica and a report by the Department of Justice, when Mitchell discovered he was going to be fired, he ‘remotely accessed EnerVest’s computer systems and reset the company’s network servers to factory settings, essentially eliminating access to all the company’s data and applications for its eastern United States operations’. That wasn’t all. ‘Before his access to EnerVest’s offices could be terminated, Mitchell entered the office after business hours, disconnected critical pieces of…network equipment, and disabled the equipment’s cooling system’.
As you can imagine, the results were disastrous, as well as embarrassing. Some of the stolen data could not be recovered, and restoring what they could, plus equipment repair, cost hundreds of thousands of dollars. The company was offline for a month, and lost business cost them perhaps another million dollars.
You can’t control your ex-employee’s emotions, but you can take steps to prevent a data disaster. You need to make sure that there are no system access points that remain open to the former staff member. It’s not only a measure that’s vital for the protection of your business. You also have a duty to protect your clients and their personal data. In some sectors, there can be serious consequences for neglecting this responsibility.
Steps to prevent a data breach of this kind should be launched before the employee is let go. Don’t give them the opportunity to steal valuable data that could be used as part of a revenge strategy or to help them obtain another job with one of your competitors. Don’t think you can predict how an employee you’ve fired might react, no matter how ‘normal’ they’ve always seemed. You should have an established set of procedures to follow so they can’t walk out with your data. As well as closing access points for that individual, you should check to see if there’s any unusual traffic associated with that person.
The angry ex-employee might not be intent on bringing your business to its knees. It could be that they feel you’ve short-changed them, and making some money therefore seems justifiable to them. Make sure that company credit cards can no longer be used and let vendors know that transactions by this person must not be approved. Even if there’s no direct threat to your IT infrastructure, there’s still a potential threat to your budget.
If you need help with implementing appropriate procedures to prevent disgruntled former staff members taking revenge, Quikteks can advise. Breaking the bad news to your employee is up to you, but we can assist you in making sure your network is secure and tamper-proof.
With Quikteks monitoring your company’s network, and protecting all access points against malicious activity, you can have peace of mind. If a change in staffing occurs, you can contact us and we’ll ensure that they’re permanently blocked from your network. We can also block access from mobile devices. If we detect any unusual activity, we can help you take immediate measures to protect your IT systems from attack.
It only takes one gap in your defenses for an organization to become vulnerable to threats. Quikteks can protect your company’s future by making your network inaccessible to unauthorized users. Just call us at (973) 882-4644.
Comments are closed.