Disasters come in all shapes and sizes, and all of them could potentially impact your business’ operations. While the term “disaster” often conjures images of fires and floods, there is another kind of disaster that isn’t considered nearly as often - the actions of a disgruntled former employee.
This is just another reason that it is key that you have a comprehensive backup and disaster recovery solution in place.
Let’s consider a hypothetical situation for a moment:
Let’s assume that you’ve recently had to let one of your employees go - perhaps they repeatedly cut corners in their work, or you had caught them in various lies. Whatever the reason, this employee is no longer actually under your employ.
The question is whether or not they retain the access permissions that they did as an employee.
Take a moment and think about what an employee with a grudge could do if they still had access to their email, your files, or anything else on your network. They could access your client/prospect lists to delete them or to offer them to a prospective new employer.
Neither of these scenarios bodes well for your business.
Worse, if they had sufficient access before they left, an unscrupulous person could potentially commit fraud or embezzlement. These situations also make a business noncompliant to various regulations and compliance standards, to boot.
This is a considerable problem, largely due to the value that data holds for businesses today, as it has been for years. The Federal Bureau of Investigation and the Department of Homeland Security actually released a public service announcement discussing this phenomenon in 2014. One study indicated that an alarming 89% of 400 surveyed employees still had an active login and password for a former employer’s cloud storage, with 49% having logged in after they had left the company.
A visible example was provided last July within Tesla. A former employee, Martin Tripp, was accused by CEO Elon Musk of installing software that exported confidential data and trade secrets from the company to third parties. While Musk and Tesla see these alleged activities as sabotage, Tripp sees himself as a whistleblower… but that’s another, ongoing story at this point.
One way or another, you need to make sure that you protect your company. While we aren’t saying that your employees are all going to conspire against you once they’ve left your business, it only takes one.
There are a few activities that you should undertake to make sure that you’ve mitigated as much risk as possible from your business. From the very start of their employment, long before there’s an inkling of them leaving, you need to ensure you have the tools in place to keep an eye on your users and to control the data they are able to access. A monitoring tool will allow you to ensure that time isn’t being wasted, while a content filtering solution and permissions-based access policy will enable you to keep them from accessing data they have no need of accessing. As soon as an employee leaves or gets terminated, run through the processes to lock them out of everything.
Of course, you should always be backing up your data, leveraging a combination of onsite and offsite backup solutions, and preparing a disaster recovery plan. Not only will this help you to recover if an event does occur, it’s just a good practice to have in place. Finally, when an employee leaves, their accounts need to be disabled as soon as possible. This will prevent them from stealing data down the line, or simply sabotaging your use of it.
KT Connections can help you to do all of this. Learn more about what we can do, and give us a call at 605-341-3873 to talk to our professionals about implementing these measures in your business!
Rodd Ahrenstorff is the Director of Business Operations for KT Connections, as well as a member of the company’s ownership team starting in 2014. Rodd has been working in the computer and telecommunication fields for over twenty years—a term during which he has held a number of leadership positions. In the past, he has served as a broadcast television engineer, an systems architect, and most recently Director of Information Technology, including a role as a HIPAA Security Officer for behavioral health and multi-specialty medical providers.