How To Prevent Ex-Employees From Compromising IT Security: 12 Strategies For IT Security - Toronto

post thumb
Insider Threat
by John Svazic/ on 10 Jan 2023

How To Prevent Ex-Employees From Compromising IT Security: 12 Strategies For IT Security - Toronto

Cyberattacks should be the main fear of an organization with a large data presence. While security efforts from these companies have improved in recent years, many still underestimate the threat of a data breach arising from an ex-employee. Given how much power employees have over your day-to-day operations, a rogue employee could be your worst nightmare.

We could share more than a few horror stories we’ve heard over the years in our IT security work in Toronto, but we’re not merely interested in intimidating you. At EliteSec, we wrote this article as part of a series of candid cybersecurity discussions to facilitate education in the field.

it security Toronto

Why Your Cyber Security Solutions Should Focus On Ex-Employees

In most situations, parting ways with your employees is not a particularly hostile experience. However, there are a few instances when the breakup isn’t so smooth. Even then, most employees wouldn’t dare to think of abusing their former privileges. But cyber security risk modelling isn’t supposed to focus on the norm. It’s about planning for the worst-case scenario.

Above all, you want to prevent your ex-employees from preserving their log-in credentials after they depart from your organization. It’s not uncommon for employees to hold a grudge for their dismissal, no matter how justified it was.

The Esselar Hack

To illustrate what we mean, let’s discuss how one disgraced IT director obtained retribution for his perceived wrongful departure.

Richard Neale was the cofounder and ex-IT director of Esselar, a cybersecurity company based in the UK. After working for years at the company, he did not take his departure well and ruminated for 6 months, thinking of a way to get his revenge.

Neale saw the perfect opportunity to one-up his former employer by sabotaging their big pitch to Aviva, a major insurance company. Esselar’s sales team was preparing themselves for the big pitch while Neale somehow managed to hack the cell phones of 900 members of Aviva’s organization, deleting every bit of information from these phones in the process.

It would be an understatement to say Aviva wasn’t keen on working with Esselar following this security breach. Consequently, Aviva cut off Esselar entirely and pursued legal action amounting to around $100,000 in compensation for the damage done during the incident.

Lessons Learned

For their part, Esselar suffered far more than the client they were courting. To their estimation, they lost over half a million dollars because of the damage done to their reputation. After seeing how badly tarnished their name was, Esselar strongly considered rebranding. For a company in the cyber security field to make such an egregious mistake, there should be dire consequences. Implementing cyber security solutions is their specialty.

This is an example of how letting your former employees keep themselves abreast of your company’s functions following their employment is a terrible idea on all levels. It’s pretty easy to identify ex-employees and shut the door on them. Moreover, there is a reason why so many companies have their employees sign NDAs, your information is valuable.

12 Ways Cyber Security Services Help Prevent Former Employees From Compromising Your Security Posture

By now, you should understand that cybersecurity is important. But what can you do to tangibly improve your company’s security? We’ve identified 12 strategies that can contribute to securing your internal systems. Ideally, you should use all of these strategies for the maximum security possible.

Disable All Your Ex-Employee’s Accounts

For some reason, our first and most obvious piece of advice is also one of the most constantly overlooked suggestions in cyber security. As Richard Neale proved to us earlier, you should discontinue the accounts of a leaving employee the moment their employment ceases at your organization.

The best way to verify that an ex-employee had all their accounts extinguished is to do so with a systematic checklist. Take inventory of all the accounts an employee has, and be sure to account for the ones that are accessible remotely since those are the most likely vectors of an attack. Make sure that you create this list before you part ways with an employee so that you can implement the account changes immediately. After all, it’s more likely for your ex-employee to act on a grudge directly after their dismissal than at any other time afterward. You’ll also want to adopt some sort of security system to help you monitor all your employee account statuses and turn them on and off like a spigot.

disable all

Keep Track Of An Outgoing Employee’s Activities

Oftentimes, you and a soon-to-be ex-employee will agree on a leaving date ahead of time. During the period when you and the employee both know that your working relationship is soon to end, you’ll want to be extra careful that they don’t attempt to sabotage your company before departure. Hence, you should apply extra vigilance in monitoring their activities. Moreover, you should discontinue any privileged access to your organization’s accounts at this point.

Should a soon-to-be-leaving employee copy one of your sensitive files or change permissions to a sensitive document before they leave,take note and investigate further. This could be the build-up for a future avenue of attack.

Don’t Advertise Layoffs

When you’re planning to dismiss a large number of employees, you should ideally keep your cards close to your chest. You should make a potential change in roles or wave of layoffs in your company known to the decision-makers only. It makes no sense to spread rumours willy-nilly.

One way to stop the rumour mill pre-emptively is to promote a positive staff culture at your office. The more friendly you are with outgoing employees, the less likely they will feel slighted and cause a cyberattack.

Disable Accounts Automatically

Instead of trying to disable your users' accounts one by one, you should find some cybersecurity software that allows you to do so automatically. Human error could cause you to overlook an account. Therefore, your cyber security team should put a system into place where they automatically deactivate an inactive account and change the passwords of ex-employee accounts.

Change All Passwords For Former Admins

Those working in an admin role often have the most responsibility. Therefore, the departure of an admin could leave a huge gap in your cyber infrastructure. Make sure you get rid of all admin permissions of a departing employee and change the passwords of any shared accounts or devices.

Review Suspicious Activities

Once you say goodbye to an employee, you should be on high alert for any alterations made by accounts to which they formerly had access. Things like file sharing once again top the list of suspicious activities. Yet another reason why changing passwords after a departure is critical.

Encrypt All Your Data

One of the best safeguards in data protection is encryption. This is the simplest way to keep control of your most confidential data. It’s also an effective means of securing your data against any backdoor access your most trusted ex-employees might have.

Deactivate Unused Accounts

Note that a leaving employee, particularly an admin, might have special knowledge of inactive or unused accounts on your network. Therefore, they might retain access to your organization’s cyber assets by using those accounts.

To eliminate this backdoor attack vector, you should automatically identify and delete accounts that are inactive for more than 90 days.

Have Your Temporary Employees Use Temporary Accounts

One way to eliminate the potential for an attack through unused accounts is to create temporary accounts for users who won’t be with your organization permanently. Interns and contractors alike can use temporary accounts with a limited set of privileges that you can turn off once such employees leave.

Examine Which Users Are Authorized To Use Your VPNs

VPNs are the perfect example of a remote attack vector that large organizations tend to overlook. Ensure that your back-end data on active employed users line up with the VPN validation system. You don’t want to issue VPN permissions to an employee from the past.

Surprisingly, Gucci fell victim to a VPN-related attack back in 2010. While still employed with Gucci, a former engineer at the company created a VPN token for a fictitious employee. Once fired, this former network engineer pretended to be this fictitious employee to obtain VPN authentication from the admin and access Gucci’s network remotely.

Over the months following this engineer’s initial entry, he wreaked a fair amount of havoc. By the time he was caught, the employee deleted numerous virtual servers along with several storage utilities and mailboxes. The engineer used his intimate knowledge of Gucci’s security backend in the process.

Implement Privileged Access Management (PAM)

One way to automatically deactivate and control unused accounts is to implement information systems business tools like PAM. This will allow you to turn access on and off for employees as though it were a valve. The permissions of one user won’t have any effect on the others, and as such, your operations will continue to run smoothly.

How We Combat Cyber Security Threats At EliteSec

In our work, we seek to integrate information security processes to combat all manner of cyber attacks. Not all cyber security companies take such a holistic approach. Therefore, we stand out amongst tough competition with our analysis and reporting services. Here’s an inside look at our data protection process.

Implementing Security Control Objectives

When you first start working with EliteSec, you’ll understand how thorough we are in our risk modeling strategies. We always try to build systems that adapt to the industry you’re working in rather than forcing a cookie-cutter solution. Our goal is to provide you with a solid foundation so you can scale your business efficiently. In doing so, we adhere to industry-standard security frameworks such as CIS Controls and NIST Cyber Security.

Our security programs cover:

  • A large-scale review of your online services, policies, procedures, and related departments.
  • Creating security policies for your organization.
  • Identifying gaps in your security and identifying means to resolve them.
  • Educating your users on how to adhere to cybersecurity best practices when using your computer network systems.
  • Training your employees to respond appropriately to phishing attempts and implement password management.

Note that each implementation is unique to your needs and we will adapt certain aspects of these controls to them.

Cyber Security Consultations

If you have an existing cyber security model, we will help you address its weaknesses with a consultation from one of our knowledgeable and trustworthy experts. Since cyber security is so complex, it wouldn’t be surprising if you missed a thing or two when you constructed your security model.

Here are some of the common cyber security concerns that we’ve addressed in our work:

  • Threat Modelling
  • Secure cloud migration and other cloud services
  • Reviewing your security posture for adherence to industry best practices.
  • Sophisticated penetration testing
  • Phishing simulations

We offer our consultations at an affordable hourly rate, so you can always take a test drive with us to see if we’re a fit together without needing to commit.

We are a cyber threat hunting specialist

Specialized Gamification Scenarios

When you’re dealing with cyber attacks from an ex-employee, it should be obvious by now that a whole host of attack scenarios could pop up. One of the best ways to prepare for such scenarios is by simulating a gamified tabletop exercise that attempts to emulate one of these insider attacks.

Think of it as a type of fire or earthquake drill, except a lot more engaging. The crisis we simulate will be a lot more realistic and random than the standard ransomware attack or data breach that most IT security teams practice.

To make these simulations more engaging, we leave every decision up to chance. I.e., we force your employees to take risks in these scenarios where they might not be sure of the outcome. That way, they’ll learn to adapt on the fly. You’ll also be able to go back with your team and try different paths to see which scenarios pop up and how you deal with them. You’ll figure out how to respond to threats dynamically and understand that certain responses only work under certain circumstances.

Here are some examples of custom-built tabletop exercises (gamification scenarios) that we’ve implemented for our clients in the past:

  • Ransomware Outbreak
  • Business Email Compromise
  • Failed System Upgrade
  • Social Media Account Takeover
  • Customer Data Compromise

Why Clients Love Working With Us

Since we offer boutique cyber security solutions to teams with precise needs, you’ll benefit substantially from the adaptability we infuse into your organization. We take a client-first approach, and we’re not just talking about you. We also understand what types of security risks are most likely to affect your clients and take stock of them while we build your strategy. Our cybersecurity services always integrate into your existing workflows, and we do our best to leave your day-to-day operations alone in our work.

Moreover, instead of speaking in obscure jargon, we prioritize education in our work. That means we sit down with you to explain what we’re doing for your cyber security and why we do it.

Book A Consultation With EliteSec

To find out the unique ways in which we can help combat the malice of your ex-employees, you should sit down with us over a call. We’ll take inventory of all the obvious attack vectors first and suggest some that you might not have thought of afterward. Book an appointment today!

cyber security Toronto