Ask Jack: Do Former Employees Present A Risk To My Data?

By Jack McCalmon, The McCalmon Group, Inc.

Third-party criminals are most of our focus for data security. Are we missing anything?

 

All data security is good security. Although third-party breaches snag the headlines and most of the class action litigation, that does not mean they are your only risk.

Former employees also pose a risk to your data, even though you are less likely to read about those breaches in your news feed.

One reason is that these breaches often go unreported and, ominously, undetected.

After an employee leaves your employ, it is a standard best practice to deny access to accounts. This is simple so long as you know which accounts the ex-employee has access to and they use a single set of credentials to access those accounts. If an ex-employee has multiple sets of credentials, has access to the credentials of others, or has engineered a back door into an account, then your data is at risk.

One recent survey revealed that 10 percent of former employees used past credentials to disrupt company activities. Another 56 percent claimed that their credentials were never changed on accounts, allowing them access even after they were gone. Another 44 percent stated an existing employee provided passwords to them after they were gone. (Source: https://www.blackenterprise.com/survey-nearly-50-of-former-employees-have-hacked-their-company-accounts/)

The final takeaway is that you should monitor activity across accounts. All credentials need to be linked to a person, and that person must have approved access rights. Unusual activity must be tracked and dormant accounts purged. Most of all, organizations must develop and enforce a policy prohibiting the sharing or disclosure of credentials.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years of combined experience assisting employers in lowering their risk, including answering questions like the one above through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

 
