Confronting the Insider Threat

By Laura Spadanuta

When an employee is terminated, regardless of the cause, the business must have protocols that minimize the potential for the departing employee to harm the company or steal corporate data. That process actually begins when a person is hired, at which time they should have been asked to sign appropriate documents, such as confidentiality, nondisclosure, or noncompete agreements.

At the time of departure, especially when it is a termination, one of the best safeguards is to take out the paperwork that they signed and show it to them again. This reminds them that they signed a legal document and “that it is serious business,” says McGonagle. “Don’t overstate it. But again, you want to remind them that they still have obligations to you.” (Of course, this may not deter a determined leaker or a person intent on otherwise misappropriating corporate data but it will set a legal framework for later prosecution.)

Next, the company must have a process for immediately removing the terminated employee’s access privileges to any company systems and networks. This reduces the potential for the employee to take company data after the termination.

An insider looking to do harm is a uniquely dangerous villain, because of his or her proximity to the company and its information. By having comprehensive policies in place and cultivating a vigilant work force with a culture that acknowledges and mitigates insider threats, companies may be able to avoid situations where assets are compromised by trusted insiders looking to do harm.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.