FBI warns on the “ex-employee menace”
A few weeks ago, we told you that 89% of ex-employees retained access to at least one application from a former employer.
On Tuesday, the FBI announced that this kind of access poses “a significant cyber threat to US businesses.”
“The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company.”
According to the FBI, this risk has resulted in “several significant FBI investigations” and serious damages.
“A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees. Businesses reported various factors into their cost estimates, to include: calculating the value of stolen data, Information Technology (IT) services, the establishment of network countermeasures, legal fees, loss of revenue and/or customers, and the purchase of credit monitoring services for employees and customers affected by a data breach.”
FBI warning underscores Intermedia’s “Rogue Access Report”
Our report on the threat posed by ex-employees foreshadows today’s FBI announcement. Here are some of our eye-popping findings:
- An incredible 89% of our survey respondents retained access to Salesforce, email, SharePoint and other sensitive corporate apps
- This includes 24% who retained access to corporate Paypal accounts
- 45% could access what they consider “confidential” or “highly confidential” data
- Almost 50% admit that they’ve logged in to their ex-employer’s systems
In our report, we offer a number of best practices for controlling ex-employee access. In its announcement, the FBI offered a number of tips to combat this threat that echoed our recommendations. Their tips include:
- Conduct a regular review of employee access and terminate any account that individuals do not need to perform their daily job responsibilities
- Terminate all accounts associated with an employee or contractor immediately upon dismissal
- Change administrative passwords to servers and networks following the release of IT personnel