Passportal Blog

What Employee Turnover Means for Data and Credential Security

[SECURITY | 5 MIN READ] Employee turnover can lead to significant security risks. Here’s what MSPs need to know.


High employee turnover is a fact of life these days. Today’s workers, particularly millennials, are switching jobs more frequently than in the past. Managed services providers (MSPs) can take steps to retain quality employees, but sometimes turnover is unavoidable. According to a white paper from Osterman Research, up to 24% of employees leave a typical American organization each year, and the average term of employment is now just 4.2 years.

The financial and logistical costs of employee turnover are well known. Finding new employees is expensive, and turnover can cause a loss of institutional knowledge and gaps in customer service. But people often overlook the significant data security risks caused by a high employee turnover rate. In this article, we’ll cover why turnover is a crucial issue in IT security risk management, as well as provide tips on how to minimize the threat.

How can MSPs safeguard data after employee termination?

The same Osterman Research white paper referenced above states that 87% of employees admit to taking data they created when leaving a job, and 28% admit taking data created by others. These statistics clearly present a big data security issue, as a company’s data is one of its most precious assets.

The problem is exacerbated when a worker is given the pink slip. Disgruntled ex-employees can easily wreak havoc if they decide to retaliate against former employers. In one infamous case, an IT technician for the American College of Education changed the password for the institution’s Google account, then erased his laptop’s hard drive before departing. The college was left without access to its student email and course catalog systems. In another example, a terminated employee from a car dealership used an automated system to immobilize hundreds of purchased vehicles in Austin, Texas. 

Fortunately, there are steps companies can take to prevent employee data theft. Departing workers may be tempted to save data on USB drives, upload data to the cloud, or send data to their personal email accounts. To safeguard against these situations, IT departments should be on the lookout for unexpected data transfers via USB or the cloud, unusual spikes in email activity, and files being accessed after work hours. Any of these activities could be an indication that an employee is doing something they shouldn’t.
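The warning signs listed above can be checked mechanically against activity logs. The following Python sketch is an added example, not code from the original article or from any SolarWinds product; the event format, user names, thresholds, and business hours are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

WORK_HOURS = range(8, 18)        # assumed business hours (08:00-17:59 local)
TRANSFER_LIMIT = 500 * 1024**2   # assumed daily USB/cloud byte budget per user
EMAIL_SPIKE_FACTOR = 3           # assumed multiple of a user's usual daily volume

# Constructed sample events for one day: (ISO timestamp, user, kind, bytes)
EVENTS = [
    ("2024-03-04T10:15:00", "alice", "email_sent", 0),
    ("2024-03-04T11:00:00", "bob", "file_access", 0),
    ("2024-03-04T22:40:00", "bob", "file_access", 0),
    ("2024-03-04T22:45:00", "bob", "usb_copy", 700 * 1024**2),
    ("2024-03-04T14:00:00", "carol", "cloud_upload", 20 * 1024**2),
] + [("2024-03-04T09:%02d:00" % m, "carol", "email_sent", 0) for m in range(40)]

# Constructed baseline: average e-mails each user sends per day
EMAIL_BASELINE = {"alice": 15, "bob": 10, "carol": 8}

def find_indicators(events, email_baseline):
    """Return {user: sorted indicator names} for one day's events."""
    moved = defaultdict(int)   # bytes copied to USB or cloud, per user
    mails = defaultdict(int)   # e-mails sent, per user
    flags = defaultdict(set)
    for ts, user, kind, size in events:
        hour = datetime.fromisoformat(ts).hour
        if kind in ("usb_copy", "cloud_upload"):
            moved[user] += size
        elif kind == "email_sent":
            mails[user] += 1
        elif kind == "file_access" and hour not in WORK_HOURS:
            flags[user].add("after_hours_file_access")
    for user, total in moved.items():
        if total > TRANSFER_LIMIT:
            flags[user].add("large_usb_or_cloud_transfer")
    for user, count in mails.items():
        # Users without a baseline are compared against 1 mail per day
        if count > EMAIL_SPIKE_FACTOR * email_baseline.get(user, 1):
            flags[user].add("email_spike")
    return {user: sorted(found) for user, found in flags.items()}

if __name__ == "__main__":
    for user, found in sorted(find_indicators(EVENTS, EMAIL_BASELINE).items()):
        print(user, found)
```

A flag here is a prompt for review, not proof of wrongdoing; thresholds need tuning against each user's normal workload.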

Realistically, however, it’s even better to put measures in place to avoid these risks before they occur. Make certain your employees only have access to the data necessary to do their jobs and restrict access to everything else—this is best practice not only for security purposes, but also in terms of job efficiency. Have documented data security policies and include them in employee training. When a new technician signs an employment contract, he or she should agree to abide by these provisions.

Other best practices for securing data include mandating authentication to access sensitive data and encrypting this data at all times. Mobile and storage devices pose a particular threat—so you need to be sure that departing employees turn in any phones, tablets, or USB drives on their last day, as well as their ID badge and keys to ensure they no longer have access to private areas. Disgruntled former employees may try to delete valuable data, so performing regular backups is essential to ensure their actions cannot result in permanent erasure.

What are best practices for credential security?

Password security is a key factor when it comes to employee turnover. When an employee leaves, he or she will be departing with knowledge of your organization’s passwords. That knowledge includes their personal login to the network and their email account, making it essential to disable these accounts and change organizational passwords as soon as they depart.

That being said, it’s easy to underestimate just how many passwords an IT employee has access to. These may include administrative credentials for your operating system; passwords to network devices like routers, switches, and wireless access points; passwords that allow access to your website, blog platform, and email marketing service; passwords for company social network accounts such as Twitter, Facebook, LinkedIn, and Instagram; and even passwords for copiers, scanners, and printers.

With knowledge of all these potential passwords, an employee with nefarious motives could easily cause enormous problems. Such an employee could use these passwords to disable your network, delete website content, or make embarrassing posts on official social media. That’s why it’s critical to keep track of exactly which passwords each employee has access to. Whenever a team member quits or is terminated, the first step should be to immediately disable their personal accounts and change the passwords of any shared accounts.

With numerous employees each knowing potentially dozens of passwords, keeping track of who has access to what can quickly become complicated. This is where an enterprise password manager comes in. An enterprise password manager is a more robust version of the programs you may be familiar with for consumer devices. A password manager stores all login credentials in an encrypted, centralized vault. Access to each password is only granted to employees who need a given password to accomplish their tasks.

Furthermore, if and when an employee departs, a password manager allows you to immediately see which passwords they were using so they can be updated. Even better, a password manager can hide the passwords themselves from employees. They simply use one credential for the manager, which takes care of logging them into other systems. This removes the need to change every password whenever someone leaves.
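The offboarding steps described above (disable personal accounts, change shared passwords the person knew, and skip rotation where the password was never shown) can be derived from an access inventory. This Python sketch is an added example, not part of the original article or any product's API; the inventory schema, the "revealed" and "injected_only" access modes, and all names are hypothetical and constructed.

```python
# Constructed inventory; field names are hypothetical, not a real product schema.
# "revealed": the user could view the plaintext password.
# "injected_only": the manager logged the user in without showing the password.
VAULT = [
    {"name": "jsmith network login", "kind": "personal", "owner": "jsmith"},
    {"name": "mlee network login", "kind": "personal", "owner": "mlee"},
    {"name": "core router admin", "kind": "shared",
     "access": {"jsmith": "revealed", "mlee": "revealed"}},
    {"name": "company Twitter", "kind": "shared",
     "access": {"jsmith": "injected_only", "mlee": "revealed"}},
    {"name": "website CMS admin", "kind": "shared",
     "access": {"jsmith": "unknown"}},
    {"name": "office printer admin", "kind": "shared",
     "access": {"mlee": "revealed"}},
]

def offboarding_plan(vault, user):
    """Sort a departing user's credentials into disable / rotate / revoke_only."""
    plan = {"disable": [], "rotate": [], "revoke_only": []}
    for cred in vault:
        if cred["kind"] == "personal":
            if cred["owner"] == user:
                plan["disable"].append(cred["name"])
            continue
        mode = cred["access"].get(user)
        if mode is None:
            continue                      # user never had this credential
        if mode == "injected_only":
            # Password was never shown: removing vault access is enough
            plan["revoke_only"].append(cred["name"])
        else:
            # "revealed" or any unrecognised mode: assume the password is known
            plan["rotate"].append(cred["name"])
    return plan

if __name__ == "__main__":
    for action, names in offboarding_plan(VAULT, "jsmith").items():
        print(action, names)
```

Credentials in the rotate list also need the user's vault access removed; an unrecognised access mode is treated as revealed so that gaps in the records lead to a password change rather than a missed one.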

SolarWinds® Passportal + Documentation Manager is a fully featured password management solution specifically geared towards MSPs. Passportal + Documentation Manager offers credential injection, reporting, auditing, password change automation, and privileged client documentation management. It stores credentials and knowledge in an encrypted password vault, controlled by role-based permissions and multifactor authentication (MFA) for maximum security.

Request a demo today.

 

Additional Reading:

SolarWinds® adds Passportal suite to its MSP product portfolio. MSP security, simplified. SolarWinds® Passportal + Documentation Manager is a SOC 2 certified, RAPID 7 tested, award winning platform.


Grow your business faster with the world's first unified platform for true password management and secure IT documentation. More than 2,000 best-in-class MSPs around the world are leveraging our security, automation, and rapid access client knowledge to outperform the competition.
