Marriott learned the hard way that a former employee can be a significant cybersecurity threat. The hotel company terminated one of its employees in August 2016. Shortly thereafter it discovered that the former employee had hacked into the company’s reservation system to reduce New York City room rates by up to 95 percent, generating losses of approximately $50,000.
Not every former employee will have the knowledge or sophistication to engineer this type of hacking attack, and fewer still are likely so bent on revenge that they will resort to cybercriminal activity. Still, companies often face greater cybersecurity threats from insiders who have greater knowledge of the company’s networks, including knowledge of those networks’ weaknesses, than they do from outsiders. Experts recommend a number of different practices that companies can adopt to stabilize their cybersecurity efforts in the face of employee turnover:
- Apply the strongest protections around the most valuable digital assets. Restrict access to those assets to only the most trusted employees and maintain logs that record who accesses them.
- Beware of suspicious activity by current employees who appear to be ready to resign or who are about to be terminated. A majority of insider cyberattacks occur within 30 days before and after an employee is terminated or resigns. Employees who give their employer a two-week resignation notice should be closely monitored for unusual network activity.
- Shut down an employee’s account access immediately upon termination or resignation and collect all company-issued computers and data devices. The company’s information technology department should be involved in this process to confirm that all account access has ended, including any access from the former employee’s personal computers, phones, or tablets.
- Use the right digital tools to protect networks against improper use and access by both current and former employees. Centralized data logging tools, for example, can flag unusual network access and downloads of large amounts of data, both of which can be signs that an insider is preparing to breach a company’s cybersecurity.
- Not all former employee cybersecurity threats are motivated by malice. Weak password policies combined with employee absent-mindedness or negligence can create easy pathways for hackers to get into a company’s networks. On average, almost 20 percent of passwords to business networks are weak and easily guessed. Employees who are not satisfied with their jobs will have little incentive to use strong passwords or to follow other company cybersecurity policies. Corporate networks should be configured to require strong passwords.
- Provide regular cybersecurity training to employees, including strict instructions not to share passwords and access codes. Employees often underestimate the risks of sharing their access credentials with other current or former employees.
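The log-based checks in the list above can be sketched in a few lines. This is an added example, not code from the original article: it joins a constructed HR departure feed with constructed central log lines to flag bulk downloads in the 30 days before an account's access ends and any activity after it. The log format, the account names, and the 500 MB threshold are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)      # the 30-day window around departure cited above
BULK_BYTES = 500 * 1024 * 1024   # assumed threshold for a "large" download

# Constructed HR feed: account -> time access should have ended.
DEPARTURES = {
    "jdoe": datetime(2024, 3, 15, 17, 0),
    "asmith": datetime(2024, 4, 1, 17, 0),
}

# Constructed central log lines: timestamp user action resource bytes
LOG = """\
2024-03-01T09:12:00 jdoe download /finance/q1.xlsx 20480
2024-03-10T23:41:00 jdoe download /crm/export_all.csv 912680550
2024-03-16T02:05:00 jdoe login vpn 0
2024-03-20T10:00:00 bwong download /eng/build.tar 734003200
2024-01-05T10:00:00 asmith download /hr/handbook.pdf 1048576
"""

def parse(line):
    ts, user, action, resource, size = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "resource": resource, "bytes": int(size)}

def flag(events, departures):
    """Return (rule, user, resource) for events tied to a departing account."""
    findings = []
    for e in events:
        end = departures.get(e["user"])
        if end is None:
            continue  # no departure on record; left to other detections
        if e["ts"] > end:
            # Any use after the access-end time means deprovisioning was missed.
            findings.append(("ACTIVITY_AFTER_DEPARTURE", e["user"], e["resource"]))
        elif end - e["ts"] <= WINDOW and e["bytes"] >= BULK_BYTES:
            findings.append(("BULK_DOWNLOAD_NEAR_DEPARTURE", e["user"], e["resource"]))
    return findings

if __name__ == "__main__":
    for finding in flag([parse(l) for l in LOG.splitlines()], DEPARTURES):
        print(*finding)
```

A post-departure hit is worth treating as an offboarding failure to investigate, since the account should no longer be able to authenticate at all.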
Even with all these protections, no company or organization is safe from insider cybersecurity threats. Even the U.S. National Security Agency (which presumably utilizes the strongest available cybersecurity mechanisms) lost a substantial amount of highly classified digital information through the efforts of Edward Snowden, who was a contractor and not even a direct employee of the agency.
For those times when cybersecurity protections do prove to be inadequate, cyber policy insurance can help a company to recover direct losses and to insure against third-party liabilities that might arise when a former employee uses insider knowledge to breach a data network. With the right cyber policy insurance, for example, Marriott might have been able to recoup at least a portion of the $50,000 it lost as a result of its former employee’s hacking into its reservation system.
Employee turnover is an established fact among modern corporations. Every corporation understands that turnover can be expensive in terms of locating, hiring, and training new employees. Cyber policy insurance can limit the greater expenses that former employees might add to those turnover costs.