How to Avoid Cyber Threats by Disgruntled Employees

Overview

Disgruntled employees can prove to be the biggest threat for the cyber security of an organization as they have access to confidential information as well as the motive to exploit or expose it. Therefore, there should be a careful systematic approach to handle them and aggression should be avoided.

Are Disgruntled Employees a Cyber Threat?

Most employers would mistake to think, why fear your own employees. Well. Have a look at the following real-world statistics which explain how real insider threats can be.

• 70% of American employees are ‘emotionally disconnected’ at work, says Steven Rosenfeld at Alternet, making it plausible for one in five employees to be disgruntled enough to sabotage their employers and colleagues.
• CERT Insider Threat Database in 2015 recorded over 1,000 incidents of sabotage where insiders harmed a business.
• McAfee reveals that insiders are responsible for 43% of data breaches while Information Security Forum reported that 54% data breaches occurred because of insiders.
• In June 2017, an ex-admin of a Netherlands-based web hosting provider called Verelox deleted all customer data and wiped most servers. The company had to shut down its services entirely, disabling customers from accessing their data and virtual servers.
• Haystax Technology conducted a survey of security professionals in 2017 in which 56% professionals acknowledged growing frequency of insider threat while 75% respondents anticipated the cost of such remediation to go as high as $500,000.
• According to a 2016 IBM study, insiders are responsible for 60 percent of all data breaches, of which 75% were intended.
• Another Verizon survey reported in 2017 that insiders cause 77% of data breaches.
• A Biscom survey (a secure file sharing service provider) in 2015 stated that one in every 4 employees admittedly take data with them when they leave a company, of which 85% found it normal to claim possession of the data they created while 95% stated that they got away with it easily because of lack of policies or their enforcement.
• Wand Corporation found an ex-employee David Ernest Everett Jr. launching a malicious software attack on the computer systems of company’s clients after being fired in 2008.
• In May 2014, Ricky Joe Mitchell was sentenced to four years in federal prison and ordered to pay $428,000 for resetting all network servers to factory settings, disconnecting critical pieces of network equipment and disabling equipment’s cooling systems. The act was his response to the news that he was soon to be fired from his designation of network engineer by EnerVest company.

Impact of Insider Threats

Statistics show that disgruntled employees are capable of practically harming an organization’s reputation. At the very least, they may steal propriety information for personal benefits or identity theft, and they may expose customer data or company’s financial information to unauthorized people.

Initially, it is best to avoid any reasons that could get an employee disgruntled. Employees should feel respected and their hard work should be appreciated through rewards. However, if employees still remain unsatisfied, make sure to implement strong measures in your organization to save your company’s confidential information from disgruntled employees in every way possible.

Back in September 2014, the FBI and the U.S. Department of Homeland Security (DHS) also warned about increasing insider threats due to former and current disgruntled employees.

“The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company,” the alert stated.

The alert added that personal email accounts and cloud storage services like Dropbox were used to facilitate stealing of propriety information. It also reported installation of unauthorized remote desktop protocol (RDP) software by employees who had been fired. Some disgruntled employees went as far as restricting access to company’s websites and disabling their CMS, or launching DDoS attacks, the alert stated. The attacks costed between $5,000 to $3 million.

How to Avoid Cyber Threats by Disgruntled Employees

FBI and DHS advise therefore that all companies should follow the precautions below:

• Conduct a regular review of employee access and terminate any account that individuals do not need to perform their daily job responsibilities.
• Terminate all accounts associated with an employee or contractor immediately upon dismissal.
• Change administrative passwords to servers and networks following the release of IT personnel.
• Avoid shared user names and passwords for remote desktop protocol.
• Do not use the same login and password for multiple platforms, servers, or networks.
• Ensure third party service companies providing email or customer support know that an employee has been terminated.
• Restrict Internet access on corporate computers to cloud storage websites.
• Do not allow employees to download unauthorized remote login applications on corporate computers.
• Maintain daily backups of all computer networks and servers.
• Require employees to change passwords to corporate accounts regularly.

SpectorSoft CEO Jason Judge also advised closely monitoring the online activities of employees, specially starting 30 days before the termination date.
Additionally, organizations should implement the following measures.

• Require all employees to sign non-disclosure agreements.
• Send reminders that all intellectual property created by them within the organization is your company’s possession.
• Train employees on safe internet surfing habits.
• Encrypt devices that store company’s most confidential data.
• Monitor user activities and identify anomalous behavior. Organizations should use monitoring systems to track, log and create alerts when unusual behavior is seen.
• Regulate user permissions to ensure that they comply with needed job responsibilities only.
• Disable unnecessary accounts.