Former employees can be a cybersecurity threat to any small business, but this does not require them to be malicious in any way. Rather, how a company handles the accounts and data of a former employee can have big consequences for that business's cybersecurity. While it may be easy to forget about the suspended account of an employee who left five years ago, any cybersecurity planning done by your business should include securing old employee information.
Leaked Information on the Dark Web
The suspended accounts of former employees may still be connected to third-party services in some way, and this means that old information related to those accounts can be stolen in a data breach. Even if the data linked to an account is old, malicious actors can find patterns in how your business creates its email addresses or other information that could lead to future attacks. This means that when you work with your managed service provider (MSP) for services like a dark web scan, you should double-check that you are looking for old employee accounts as well as active ones.
Vulnerable Open Accounts
In addition to including old employee accounts in dark web scans and other cybersecurity planning, your IT department should ensure all old employee accounts are suspended, deleted, or inaccessible to anyone but a network administrator. If a former employee’s account remains available for use, then it becomes an attack vector for malicious actors that your company may not even be paying attention to. This can have devastating consequences if a malicious actor accesses the account but does not make it immediately known that they have access to your network.
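One way to run the account check described above, as an added example that is not part of the original article: it cross-references a list of departed employees against a directory export and flags accounts that are still enabled or that show a sign-in after the departure date. The CSV column names and all sample rows are constructed assumptions; adapt them to whatever your HR system and identity provider actually export.

```python
import csv
import io
from datetime import datetime

# Constructed sample data (assumed column names, not from the article).
# HR roster of departed staff: username and last working day.
HR_DEPARTURES = """username,last_day
jdoe,2019-03-15
asmith,2023-11-30
bnguyen,2024-06-28
"""

# Export from an identity directory: account state and most recent sign-in.
DIRECTORY_EXPORT = """username,enabled,last_login
jdoe,true,2024-09-02
asmith,false,2023-11-29
bnguyen,true,
mlee,true,2024-09-10
"""

def parse_day(text):
    """Return a date for YYYY-MM-DD text, or None for an empty field."""
    text = text.strip()
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None

def audit_former_accounts(hr_csv, directory_csv):
    """Return (username, finding) pairs for accounts of departed employees."""
    departures = {row["username"].strip().lower(): parse_day(row["last_day"])
                  for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["username"].strip().lower()
        if user not in departures:
            continue  # not on the departure roster, out of scope here
        # An account that can still sign in is an unattended way in.
        if row["enabled"].strip().lower() == "true":
            findings.append((user, "STILL_ENABLED"))
        # Activity after the last working day suggests someone is quietly
        # using the account, so it warrants investigation, not just cleanup.
        last_login = parse_day(row["last_login"])
        if last_login and last_login > departures[user]:
            findings.append((user, "LOGIN_AFTER_DEPARTURE"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_former_accounts(HR_DEPARTURES, DIRECTORY_EXPORT):
        print(f"{user}: {finding}")
```

Running this on a schedule, rather than once at offboarding, also catches accounts that are re-enabled later.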
While it is extremely difficult to detect and monitor, businesses should also keep in mind that former employees may have company information downloaded on personal devices. If a former employee engaged in shadow IT activities, then they could have used personal devices to complete their work, and if they do not keep those devices secure, then the information they still have may be leaked. While there is little a business can do about such undetectable activities, it highlights how important it is that former employees are asked to ensure they do not have company data left on their own devices and that your IT team keeps this potential attack surface in mind.
While it is unlikely that information related to former employees would cause a cybersecurity breach at your company, it has caused an enormous amount of damage when it has happened. This is because old account information can seem less important the older it gets, and it is difficult to monitor and detect all third-party information related to that account. However, if you think your business needs to improve its handling of former employee data, then our team here at Robinett Consulting wants to help!