Disgruntled employee

[Reading time: 2 minutes]

When we think about how to secure a firm, we naturally focus on the outsider threat – Defending against a hoodie-wearing hacker who is trying to get their hands on our firm’s money, or data, or both.

But don’t lose sight of the insider threat – The risk of an employee doing something malicious.

The malicious former employee

As reported in The Register, a firm in the UK lost £500k and many staff lost their jobs after a disgruntled former employee used a colleague’s login details to delete 23 cloud-based servers.

The malicious current employee

At a recent IrisCon security conference, a member of An Garda Síochana mentioned a case where someone logged in to a colleague’s computer account, downloaded pornographic material from the internet, and placed it onto the colleague’s personal drive, in an attempt to discredit them and force their exit.

Three immediate actions

There are a lot of things that a firm should do to reduce the likelihood and impact of the insider threat, but I’ll name three obvious ones:

1. Use Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA)

Ask your IT provider to enable 2FA / MFA on all externally-accessible systems.

If it is not available “out of the box”, work with them to implement some sort of mechanism to ensure someone needs more than just a username and password to gain access.

It’s not foolproof but it can be enough to defend against the lazy (i.e. the majority) attackers.

2. Remove Access Quickly

Define and follow a clear user access management process, especially for leavers.

You can’t afford a significant lag between the time someone leaves your organisation and the time their access is removed.

3. Do not share credentials

Remind your staff why they must not share their login details with colleagues.

The example above may be enough to convince them.

Most employees just want to do their jobs.

Most ex-employees just want to move on with their lives.

But it only takes one to cause havoc for your firm.