As any company knows, some of its former employees do not part ways on gracious or friendly terms. Some, in fact, leave with an ax to grind. What is worse for the businesses is that frequently these employees harbor these feelings before they leave the company and may act out in anticipation of their resignation or termination. This can be a headache for businesses both large and small.
When an ex-employee—or soon-to-be-ex-employee—leaves the company, he or she can jeopardize its data after departure, or even prior to leaving. These employees can potentially disclose damaging information, offer a competitor trade secrets or intellectual property, leave the company vulnerable to a data breach, or introduce a virus or malware to the company’s computers.
Human capital is the cornerstone for any successful business, yet the human element can also be a tremendous liability. While an effective and comprehensive security solution and adequate investment in information technology help to prevent these internal breaches from happening, sometimes companies must do some detective work to find the culprit. In cases like these, digital forensics comes into play.
Growing Awareness of Cybersecurity
According to a recent survey, companies are becoming more and more aware of the possibility of an internal breach. This issue has become especially pronounced during the COVID-19 pandemic and the rapid and abrupt increase of people working remotely. Remote work has opened companies up to more vulnerabilities, and they have had to adjust quickly in response to the new trend.
The survey’s findings reveal that threats increased in the last half of 2020, with 62 percent of respondents admitting they had become more effective in the identification of security risks by the fourth quarter. The respondents also admitted that they put more focus and attention on new employees in 2020, particularly toward their online activities.
A telling revelation in this survey came from one of the respondents in financial services, who admitted that disgruntled employees were the company’s biggest issue. Furthermore, the survey showed that a surprisingly low number of respondents increased their resources to modify their cybersecurity policies, with only 55 percent doing so and 41 percent saying they would maintain their current levels. Beyond these measures, 56 percent increased their resources for cybersecurity training whereas only 37 percent maintained their current levels.
Employees have various reasons for acting against their employers, including financial gain and resentment. The latter should not be neglected or overlooked as a motive for an employee to compromise their information. A company may have made an unpopular decision—even unwittingly—that irked an employee, or a number of them. Such actions include pay cuts, reduced hours, or perceived preferred or unfair treatment.
In terms of access to critical information and data, it is essential that businesses and organizations adopt a “zero trust” approach, not only toward external threats but also to its own employees. This concept can work on top of other security solutions currently in use within the company to add more measures to protect its assets from within.
The possibility of an “inside job” has been recognized by the Department of Homeland Security as a serious threat, to both the public and private sectors. The department has urged the need for stronger programs within organizations to prevent a breach from happening. The DHS has illustrated the point that “increased information-sharing results in greater access to and distribution of sensitive information.” Human nature is not advancing quite as fast as technology, and it is clear that disgruntled employee breaches will only intensify in the future.
Solutions Before and After
Ideally, an organization will prevent a breach from happening through a security solution over company devices and data. One such program is SecureDrive’s USB port-blocking software, SecureGuard. This program allows increased management over the company’s Windows-powered devices by blocking access to the computer when unauthorized USB devices are inserted, preventing a problem employee from accessing (and stealing) sensitive information.
However, if a breach occurs SecureForensics offers services to help establish a trail by tracking back to help you see the truth of what happened. Such information retrieved from digital or mobile helps you to build a case against the offender.
To speak to an expert about protecting your assets before a breach occurs, contact SecureDrive at 1-800-875-3230.
If you were the victim of a breach and need assistance putting the pieces together to help you with your case, contact a SecureForensics expert at 1-800-288-1407.