Do Ex-Employees Really Pose a Threat to Security?

Updated: June 22, 2009

According to a recent survey by Courion Corporation, 93 percent of organizations don't think that terminated employees pose a security risk to systems. Meanwhile 53 percent of IT managers aren't really aware of what rights to systems employees have, which leads to accounts remaining active after termination. The global survey is based on questions asked to 236 business managers from companies with at least 10,000 employees.

So, are those business managers correct? No, says Dominique Levin, EVP of Marketing and Strategy for LogLogic, a log management and database security vendor. "Once the layoff notice is issued, all bets are off: even a formerly trustworthy employee can be tempted to steal data. In fact, a recent study from the Ponemon Institute found that 59 percent of laid-off workers had stolen data from their company, and 67 percent of those respondents admitted to using the confidential information in order to secure a new job," says Levin.

To keep employees more honest, Michael A. Davis, chief executive officer of Savid Technologies, Inc, suggests using the exit interview as a means to remind employees of the agreements they signed. "I recommend that for those accounts with high privilege (IT admins, VPs, etc) that you print out the last few emails the person sent and give them a copy of the acceptable use policy and any other policy the employee should have signed regarding intellectual property. You give them a copy of the email so that they realize you can watch them and have access to their systems. If this is not possible, giving a list of the top 10 URL they visited etc, may also help," says Davis. "Deterrence can severely reduce the chance that after two to three weeks an employee becomes more disgruntled and then attempts to break back in or cause a breach. I call this the ‘bullshit' meeting where the employee goes out for drinks with friends and says ‘this is bullshit' and decides to fight back. If they know there were/are watched they will be much less likely to actually execute on the threat."

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more