Is your business prepared for an insider attack?
Posted 10th November 2021
Letting someone go from your business is always a difficult situation. The lump in the throat moment when you tell them that they just aren’t right for your company will always create a mix of negative emotions and may result in the employee feeling less than positive. Actually, it may leave them feeling pretty angry. We’ve all been there when the ‘red mist’ descends and we make an impetuous decision, and the same can happen with a staff member who has been asked to leave. And this is where we come to insider attacks.
What is an insider attack?
The simplest way of putting it is that an insider attack is when your company receives a cyberattack from someone within the organisation. This isn’t about a team member clicking on a dodgy email link, this is more someone intentionally harming your business as a means of revenge. The employee equivalent of someone cutting up an ex’s clothes or selling their sports car on eBay.
An insider attack can range from deleting and removing access to certain files, through stealing sensitive information and selling it to competitors, and all the way up to installing malware on your systems.
How to avoid an insider attack
The best way for any business to protect their valuable data assets from employees who are leaving is to create a strategy and checklist. In much the same way that you would make sure that ex-employees don’t have access to your premises by removing keys and ID cards, you need to do the same with IT privileges.
Keep your IT team in the loop
Letting your IT department know in advance that a team member is leaving allows a smooth transition and enables them to begin the process of protecting your IT systems from potential attacks.
Remove Email and Phone access
As soon as the staff member has left your employment you must make sure that all email and phone access to their accounts is blocked. It is also advisable to enable one key member of staff to have access to their accounts in case there are incoming client and customer queries that need to be dealt with.
Put plans in place regarding access to data if someone resigns
Not every employee leaves because they’ve been pushed. Some hand in their resignation and work a notice period. During this time there is also the potential for them to steal vital client information and data. As a part of GDPR compliance and to ensure that your company isn’t negatively impacted by their departure, you should also consider how you manage access to data and accounts for departing employees. It’s standard good housekeeping to regularly review who has access to what and why. This includes access to social media accounts, banking, and shared accounts.
It’s always good to be prepared
With many businesses embracing working from home, team members may have found themselves using personal devices to access company data. If your working relationship ends, you also must ensure that all data is removed from those devices as well.
While this checklist may seem lengthy, it is essential for protecting your company and clients. We understand that you’re also undoubtedly busy in the day to day running of your business, which is why we offer an IT Consultancy Service to help companies like yours put robust strategies in place.
If you’d like to speak to one of our team about how you can avoid potential insider attacks, get in touch.