An Information Security Nightmare: The Disgruntled Employee

Is your organization adequately prepared to protect sensitive information from disgruntled or recently terminated employees?

Posted by Joe Gerard on October 14th, 2010

Disgruntled employees are the greatest risk in any organization when it comes to data leaks. The recession has added fuel to the fire, greatly increasing such risks. As record numbers of employees have lost their jobs, divulging data and other sensitive information could be their way of taking one last shot at the company. Is your organization adequately prepared to protect sensitive information from disgruntled or recently terminated employees? If not, here are a few ideas to help you get started:

Get It On Paper…And The Screen

Begin with a written policy. Not only should you incorporate laws and regulations into your company’s policy, but take the policy a step further and include security measures that relate to the various business processes within your organization. In the policy, address the consequences of leaking data. Make it known that whether an employee is employed by the company or is terminated, leaking company information isn’t tolerated. Define access roles for each member of your organization. Limit the amount of information employees have access to even while they are employed by the company. This limits the amount and type of information that could be leaked should an employee be terminated. As with any organizational policy, train employees to understand and follow it. Stay current: update the policy as people come and go, as well as when new risks are identified.

Time and access are key considerations in protecting your organization from data leaks. Upon termination, revoke access to files, computers and other areas where information is stored. Many employees copy data over to mobile phones, laptops, USB keys, CDs and other devices that they carry out of the office, so have terminated employees hand these over immediately. Removing the employee as soon as possible is also a good idea. This way, they have less time to collect information and try taking it with them when they leave.

Security Checklist

Some of the articles I have come across recommend creating a security checklist of things to do once an employee has been terminated. Once an employee is terminated, you must act fast to block their access to information. There can be a lot to remember, which is why a checklist can be useful in these situations. When putting the list together, assign tasks to others in the workplace to help speed up the process. The American Bar Association recommends including the following 4 categories in your checklist:

(1)   Physical removal of the employee from the premises as soon as possible.

(2)   Limit the employee’s physical and electronic access: security cards, keys, change security codes, removal from internal networks, disable remote access, change system passwords, disable e-mail, obtain company credit cards, etc.

(3)   Minimization of any incentive for the employee to attempt to re-access the employer’s computer system.

(4)   Continuous monitoring of the employer’s computer system for security breaches.

Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.
