Security experts said the recent upheaval in the job market makes it imperative to bolster separation protocols further.
The COVID-19 pandemic has caused unprecedented turmoil in the job market over the last year, with millions across the world losing or leaving jobs due to economic disruption. An unfortunate byproduct of the employee turnover is the cybersecurity threat that comes with having a significant number of former employees.
Darren Guccione, CEO and co-founder of Keeper Security, and other cybersecurity experts spoke to TechRepublic about how to protect an enterprise from those who have knowledge or access to their former employer’s confidential information, keeping the door open for looming hackers.
“A lot of companies fail to have clear policies or a checklist that employers use for post-employee separation. This is extremely important because failing to do so is going to involve a lot of things but the most important thing is that you want to make sure that the former employee or even a subcontractor that previously had access to the organization’s technologies and systems is completely locked out,” Guccione said in an interview.
SEE: Identity theft protection policy (TechRepublic Premium)
“It’s going to avoid the risk of business disruption. It’s going to avoid the risk of the leakage of intellectual property or trade secrets. It also mitigates legal risk because what you don’t want is any exposure of or unauthorized access to sensitive data about the organization or its stakeholders. If a door is left open to a former member of the team and that person is disgruntled, you could have a real problem on your hands.”
There have been multiple instances in the tech world where former employees have accessed systems and done significant damage. In December, the Justice Department announced that a former Cisco worker was sentenced to two years in prison after he accessed the Cisco Systems cloud infrastructure that was hosted by Amazon Web Services and deleted 456 virtual machines for Cisco’s Webex Teams application.
A Justice Department statement said the actions of Sudhish Kasaba Ramesh, who had resigned three months before the hack, led to over 16,000 Webex Teams accounts being shut down for up to two weeks and caused Cisco to spend approximately $1.4 million in employee time to restore the damage to the application and refund over $1 million to affected customers.
Earlier this month, federal prosecutors revealed that they were indicting Wyatt Travnichek, a 22-year-old former employee of Post Rock Rural Water District in Ellsworth, Kansas. Travnichek is accused of hacking into his former employer two months after resigning in 2019 and shutting down the facility’s cleaning and disinfecting procedures, endangering the local population.
Sascha Fahrbach, security evangelist at Fudo Security, noted that enterprises are often focused on the threats that come from the outside: Hackers, malware and nation states. Yet many organizations and individuals forget that much of the potential risk stems from insiders, Fahrbach said.
“In fact, in a recent IBM report, the frequency of insider incidents has tripled since 2016. As was the case with this California company, the board and staff had to learn the hard way that insiders can be a costly risk,” Fahrbach explained.
“There are also varying levels of insider threats, and credential theft is by far the most expensive, overshadowing employee or contractor negligence. In many situations, companies and large organizations suffer from a proliferation of privileged accounts.”
Axiad COO Jerome Becquart added that some studies have shown that at least 10% of employees access their former company’s data after leaving the company.
Becquart noted that when a company is managing multiple credentials, especially in the case of privileged users, it’s not always straightforward to fully de-provision and off-board employees on all of them.
“Companies need to simplify their credential management by consolidating them onto one platform to make this process more efficient, and ensure that their data is fully protected,” Becquart said.
According to Guccione, tech companies are at greater risk because they often have to worry about the ancillary effects of a breach considering how many enterprises rely on major technology providers for services. Companies are no longer just in charge of their core businesses but also have to worry about the information that passes through their systems, he added.
Guccione said enterprises need to lock down systems and deploy identity and access management systems in order to manage who has access to what. This will allow organizations to tie off any access to people who may leave a position.
Fahrbach echoed that idea, noting that abandoned accounts are a pervasive problem for enterprises.
“This is a problem in and of itself, leading to abandoned or orphaned accounts by staff who have left. These open credentials can be exploited,” Fahrbach said.
The other tactic Guccione suggested involved having an enterprise password management system to “put a cloak of armor and security and safeguards around all of the credential management within your organization.”
It is also important for enterprises to have privileged access management even for employees who stay with the company in order to monitor who is accessing what. Two-factor authentication is also a cost-effective and easy way to thwart or mitigate the risk of a remote data breach, according to Guccione.
Guccione added that training current employees on cybersecurity and what to look out for is also integral in stopping any insider threats.
“Awareness is the first step of creating and launching any sound cybersecurity strategy within a company or an organization, either public or private sector,” Guccione said. “Because the cybercriminal doesn’t really care too much about how large or small your company is or what industry you’re in.”