Do Ex-Employees Really Pose a Threat to Security?

Updated: June 22, 2009

According to a recent survey by Courion Corporation, 93 percent of organizations don't think that terminated employees pose a security risk to systems. Meanwhile 53 percent of IT managers aren't really aware of what rights to systems employees have, which leads to accounts remaining active after termination. The global survey is based on questions asked to 236 business managers from companies with at least 10,000 employees.

So, are those business managers correct? No, says Dominique Levin, EVP of Marketing and Strategy for LogLogic, a log management and database security vendor. "Once the layoff notice is issued, all bets are off: even a formerly trustworthy employee can be tempted to steal data. In fact, a recent study from the Ponemon Institute found that 59 percent of laid-off workers had stolen data from their company, and 67 percent of those respondents admitted to using the confidential information in order to secure a new job," says Levin.

To keep employees more honest, Michael A. Davis, chief executive officer of Savid Technologies, Inc, suggests using the exit interview as a means to remind employees of the agreements they signed. "I recommend that for those accounts with high privilege (IT admins, VPs, etc) that you print out the last few emails the person sent and give them a copy of the acceptable use policy and any other policy the employee should have signed regarding intellectual property. You give them a copy of the email so that they realize you can watch them and have access to their systems. If this is not possible, giving a list of the top 10 URL they visited etc, may also help," says Davis. "Deterrence can severely reduce the chance that after two to three weeks an employee becomes more disgruntled and then attempts to break back in or cause a breach. I call this the ‘bullshit' meeting where the employee goes out for drinks with friends and says ‘this is bullshit' and decides to fight back. If they know there were/are watched they will be much less likely to actually execute on the threat."


Featured Research