It would seem that the risk of
data breaches caused by privileged personnel depends on how and why the employee left the company. Leaving on good terms? Great, let’s wash those hands together. Plan on firing someone? You should probably take a few extra precautions to secure the perimeter.
If an organization plans on firing an IT employee, it should perform a data review and revoke all access prior to termination. As exhibited in an attempted
Fannie Mae hack, it only takes minutes to perform irreversible harm. Just two hours prior to returning his laptop, a terminated Unix engineer accessed a Fannie Mae server and embedded malware that was set to destroy data on all the company servers.
Unfortunately, it’s not always the case that an employee needs to be terminated in order to pose a cybersecurity threat. Take for example, the story of Michael Leeper who held a senior technology role at Columbia Sportswear before leaving to become CTO at Denali Advanced Integration. Prior to his departure, Leeper created
backdoor accounts which left him with access to the company’s VPN and VDI connections. He used these accounts to help gain an advantage in his dealings between Denali and Columbia. When the data breach was discovered, Leeper was immediately fired from Denali and taken to court.
