When we talk about the insider threat, and it is a topic that is very prominent in the digital security world at the moment, we tend to think of it in terms of rogue employees. People inside your business who are either actively looking to damage your organisation, or are simply naïve to the risks of what they are doing. At Digital Pathways, we would like to talk about the equal threat that ex-employees pose, or at least, how the accounts they leave behind can still cause damage.
When a company takes on a new employee, it is likely that they will have an account created so they can log in to the network and access specific systems. Each member of staff will have a personal account, usually with their own password, in order to access what they need to complete their tasks. But what happens when that employee leaves the organisation? When they get a new job or, worse, are sacked, are they cut off completely from your company?
Unfortunately, it appears that the answer is often no. In many instances, ex-employee accounts remain open and are never deleted from the system. This is dangerous in a number of ways. Firstly, ex-employees can still access information after they have gone. If they have joined a competitor firm, do you really want them to keep the same privileges they had when they were working for you? Equally, if they were forced to leave under unsavoury circumstances, then you are giving a vengeful employee the opportunity to wreak havoc across your network too.
As well as the threat from the employee themselves, these accounts are also seen as good access points for hackers. Put simply, the cybercriminal will search through staff accounts until they find one that isn't active. If no one is monitoring the account, suspect activity is much less likely to be noticed.
What is required to mitigate this risk is a system that manages user profiles. If you are able to manage a network effectively, then you will know exactly who is accessing it at any given time, and be able to flag up individuals who are no longer employed but are still showing activity. At Digital Pathways, we work with a partner called 8MAN. Their product is the complete answer for managing access to data through a controlled environment.
A major feature of their software is two-factor authentication. This can involve a dedicated token system, in which access is only ever granted if the combination of password and token is supplied. Without one or the other, access is denied. This means that whether a hacker is taking their chances or an ex-employee has a grudge, it is very unlikely that they will have both pieces of the puzzle.
The very minimum that you should be doing as a company, even without something like the 8MAN product, is to monitor your network. Regularly review audit trails and log entries. If Joe is no longer working with your company but is regularly accessing his account in the early hours of the morning, then you can stop him. The logs give you the information; you then have to act on it.
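The check described above, as an added example that is not Digital Pathways' or 8MAN's code: it cross-references a leavers list from HR against authentication log entries and raises an alert for every event by an account whose owner has already left, noting whether it fell outside working hours. The log format, the account names, the dates and the 22:00 to 06:00 off-hours window are all constructed for this example.

```python
from datetime import datetime, date, time

# Constructed leavers list (hypothetical accounts): account name -> last working day.
LEAVERS = {
    "joe": date(2016, 3, 31),
    "asmith": date(2016, 2, 15),
}

# Constructed auth log: "<ISO timestamp> <account> <result> <source ip>" per line.
SAMPLE_LOG = """\
2016-04-02T02:17:41 joe login_ok 203.0.113.9
2016-04-02T09:03:10 bwong login_ok 198.51.100.4
2016-04-03T03:40:05 joe login_ok 203.0.113.9
2016-04-03T10:12:33 asmith login_fail 198.51.100.77
2016-03-30T17:55:00 joe login_ok 192.0.2.12
"""

OFF_HOURS = (time(22, 0), time(6, 0))  # assumed window; adjust to your business hours

def is_off_hours(ts: datetime) -> bool:
    """True if the timestamp falls in the overnight window (wraps past midnight)."""
    start, end = OFF_HOURS
    return ts.time() >= start or ts.time() < end

def parse_line(line: str):
    ts, account, result, src = line.split()
    return datetime.fromisoformat(ts), account, result, src

def find_orphan_account_activity(log_text: str, leavers: dict) -> list:
    """One alert per auth event by an account whose owner has left.
    Events on or before the last working day are ignored; failed attempts are
    kept, because a failed login against a dormant account is still worth seeing."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, result, src = parse_line(line)
        left_on = leavers.get(account)
        if left_on is None or ts.date() <= left_on:
            continue
        alerts.append({
            "account": account, "when": ts.isoformat(), "result": result, "src": src,
            "days_since_leaving": (ts.date() - left_on).days,
            "off_hours": is_off_hours(ts),
        })
    return alerts

if __name__ == "__main__":
    for alert in find_orphan_account_activity(SAMPLE_LOG, LEAVERS):
        print(alert)
```

In practice the leavers list would come from the HR system or directory and the log from your authentication source, and any alert at all should prompt disabling the account rather than just watching it.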
At Digital Pathways, we can not only help you with tools, but also advise on the simple things that can make a huge difference to your security. Give us a call on 0844 586 0040 if there is anything you would like to discuss.