Every company works with valuable information about its business what needs to be kept behind closed doors. The employees with access to this information have to be aware of its importance and their obligation is to keep it safe, but what happens is one of them leaves the company?
As we have already drawn attention to on various occasions, few companies are prepared to face this event and the majority don’t take adequate precautions before and after an employee leaves or is fired. In fact, according to a study by Osterman research, 89% of workers keep the user name and password of their corporate accounts after leaving their jobs, and nearly half admit having used these to access their old accounts.
If this happens with any member of the team, no matter how low-ranked they may be, imagine the potential for problems if an executive is fired – someone who occupies a high-ranked position with access to lots of sensitive information.
The main risk is that the company’s intellectual property could end up in the hands of others, something which, unfortunately, happens all too often. This example explains it better – in 2014 the startup transport collaborative Lyft went to court after its COO left the company to join its main rival, Uber.
He took with him confidential information relating to the business and this serves as an example for all businesses that these situations are real and they need to be prepared for them.
It might seem like a job for the legal department, but IT security also plays an important role in all of this in two distinct ways: it avoids the theft of intellectual property and, in the worst of cases, gathers evidence to show that such a theft happened in the first place.
When the thief is the boss, however, it is usually a little more complicated. It’s difficult to avoid them having passwords to different services and tools, while also being hard to stop them using their own devices to access them from anywhere they want (especially if it is their job to resolves problems relating to various different departments).
Taking away access as soon as they walk out the door (and getting back the company mobile, tablet, and computer) would be of little use as they’d already have had multiple opportunities to copy valuable information. The best thing to do is remind them of confidentiality clauses in their contracts that they signed when joining the company, and to complete an exhaustive review of their activities during their final weeks.
It’s normal that businesses, especially larger ones, do this before hiring: reviewing previous records, asking for recommendations, rigorous selection processes, etc. However, these measures are hardly ever taken into consideration when someone leaves a company.
With an eye on making this task easier, there is a dedicated software that allows for the monitoring of computers to avoid leaks. Panda Security has developed the ideal solution for large businesses, Adaptive Defense 360, which combats information theft and both external threats (malware, for example) and internal ones (an employee copying files onto a USB from the cloud).
When it comes to a high-ranked employee who decides to switch over to the competition, both prevention and reaction are more difficult. Sometimes the boss can be the biggest danger to a business, even if it isn’t immediately obvious.
The post When the boss is the biggest threat to a company’s security appeared first on MediaCenter Panda Security.
Source: Panda