Disgruntled Employee Suddenly Walks Out The Door: How to Stay Safe

Today, one of the biggest security weaknesses that businesses and organizations face is their own employees. A recent Verizon Data Breach Investigations Report reveals that 30% of data breaches were caused intentionally or accidentally by insiders. When a disgruntled employee leaves a company abruptly, they are likely to react with aggression or retaliation. It is crucial that businesses and companies put down adequate measures to protect their investments, customers, and data from vengeful ex-employees.

YouTube video

Common Signs of Unusual Employee Behaviors

Employees planning to steal data or are in the process of doing so often leaves behind a trail of signs that you should be sensitive about:

  • Unusual transfer of data: Departing employees who copy data to personal email accounts, personal file sync, personal devices, USB drives, and cloud storage systems could be a red flag. Although these could be normal in the era of ‘bringing your own device,’ an unusual spike in these activities could signify a disgruntled employee infiltrating data ahead of their departure.
  • Deleted documents: If you notice a significant number of your documents have been deleted from a disgruntled employee’s desktop, laptop computers, or corporate files shares, be in high alert
  • Unusual email activity: A sudden spike or drop in email activity could also signify a disgruntled employee doing something behind your back. Specifically, if you notice emails and other communications being sent or received between your employee and competing organization, take appropriate action to protect your data.
  • Unusually timed access: If your employee is accessing corporate accounts and systems at odd hours and differently than their usual pattern, have your IT team investigate the unusual behavior and secure your IT environment.

How Businesses Can Protect Themselves from Disgruntled Employees

Monitor Account Behaviors and Undertake IT Audit

It is crucial to monitor an employee’s actions from the day you receive the notice of resignation. Put your IT team on high alert to monitor any unusual behavior that could signal ongoing breaches. You should also restrict privilege access immediately you learn an unhappy employee is leaving your company. Additionally, implement an IT audit solution to guarantee better internal IT security to protect your IT environment from any malicious actions.

Remove Employee Access

Studies show disgruntled employees are likely to attack soon after leaving the company when they are still angry, frustrated, and bitter with their former employers. To prevent data breaches and sabotage, ensure you remove all system access, however insignificant, immediately after the employee leaves the company. Some of the specific steps to take include:

  • Lock or deactivate accounts: The first step to take once a disgruntled employee leaves is to deactivate all their work-related accounts, including their email accounts. Locking or deleting the accounts is a critical step to prevent unwanted access. You should also lock their file hosting and delete their accounts in collaboration tools such as Windows Teams, Office 365, Outlook Email, Skype for Business, SharePoint, and more.
  • Changing passwords of accounts: Change the passwords of all the critical accounts that you can’t delete and which the ex-employee had access to. These include passwords to all company programs, systems, or applications the employee was using during their stay with the company.
  • Disable multifactor authentication access: Disabling multifactor authentication access on your systems and networks will prevent unauthorized access to vulnerable systems. If you had integrated an MFA solution, you could effectively shut down all access with a single action. This can be the fastest and most effective way to secure your company if an unhappy employee abruptly leaves the company without notice.
  • Revoke access to the building: Robust physical security can keep disgruntled employees from crucial company infrastructure. Soon after the employee leaves, revoke access codes to the building, including company offices. Additionally, isolate critical systems and restrict areas by applying robust access controls. Consider implementing two-factor authentications in your access systems to augment keywords.

Don’t Allow Employees to Become Their Own Administrators

It is never a good idea to allow employees to have admin rights for their company-supplied systems even when you are on good terms. You never know when a loyal and good employee becomes disgruntled to present a substantial insider threat. Employees with their own admin rights gain permission to store corporate data in locations outside of IT control. Allowing employees to install unauthorized apps increases the risks that disgruntled employees will introduce malware, Ransomware, and other threats into the corporate network either intentionally or by accident once they leave the organization.

Encrypt Data 

All sensitive and confidential data should be encrypted whether it is in transit, at rest, or in use. Osterman Research recommends you combine manual encryption and policy-based encryption to automatically scan content based on the policy before applying an appropriate encryption measure. Encryption is an effective measure to prevent much of the data loss that could occur once a disgruntled employee leaves a company.

Back Up Your Data

Implementing an effective backup policy can mitigate the risks of insider data breaches. Ensure all corporate data is appropriately backed up to a central and easily accessible location. This ensures that data can be recovered easily should an employee maliciously change or delete it before informing you they are leaving.

Retrieve Work-Issued Devices

In the current highly digitized work environment, a massive amount of crucial company data is stored on mobile devices, including smartphones and laptops. It is vital that you retrieve all company-issued mobile devices from a departing employee. If you can’t physically retrieve all your devices, seek the help of IT experts to remotely wipe all data stored in the devices so former employees can no longer have access.

Insert Clear, Confidential Provisions in the Employment Contract

All your employment contacts and agreements must include clear requirements regarding the roles of employees in protecting sensitive and confidential data when they are with the company and after leaving. These provisions provide employers with the legal backing to defend their position and pursue non-compliant employees who steal crucial data after leaving their company.

Don’t Attach Printers to Single Computers

One of the best cybersecurity practices is not to attach printers to standalone computers. Printers connected to standalone computers make it easier for a disgruntled employee to print out sensitive data before their departure without the admin knowledge.

How Mainstreet IT Solutions Can Help

Insider attacks from departing ex-employees are a hard reality facing several businesses and organizations today. Experts reveal employees often commit insider sabotage when they feel they are being treated unfairly or were dismissed in unfair circumstances. To counter this, it is important to take proactive actions discussed above immediately you learn a disgruntled employee is leaving your organization.

At Mainstreet IT Solutions, we provide cutting-edge tools to help you lock out your leaving employees from your system and networks effectively. Our highly experienced IT experts can help automate your entire IT environment, so you can make immediate changes once an employee leaves. We also leverage cutting-edge technological tools to remotely disable access to the email system, CRM system, and company files and wipe away any crucial data from an ex-employee’s company-issued and personal home devices. Contact us today to request a quote learn more about our Managed It services.

MainStreet IT Technology Tips & Articles

Tune In To MainStreet IT TV

Cash is King - Technology Edition

SEO is Dead! Long Live Content Marketing

Does Chris Massey Have All The Answers For Co-Managed IT?

SEO Is Dead! Long Live Content Marketing

Organizational Strategy: Co-Managed IT

What The Heck Is SEO?

Subscribe To Mainstreet IT On YouTube