
Insider threats and employee turnover: What you need to know
There are plenty of reasons why you should work to retain employees as long as they’re being reasonably productive and contributing to the bottom line. The main reason is that it’s really costly, in both time and money, to replace folks who have left.
This is something all business owners know, just like they know that no matter how much they try to retain people, there will still be turnover. But too many business owners neglect the elevated risk of insider threats that are related to employee turnover. And all too often they leave themselves more vulnerable to these risks than necessary.
What are insider threats?
Insider threats are a pretty broad category of threat, as we discussed in this post. But here we’ll focus only on insider threats that arise when people within an organization misuse their access privileges in a way that causes harm. Turnover amplifies these risks, as access privileges and sensitive knowledge can walk out the door — or worse, get misused before someone officially leaves.
Real-world examples
Let’s look at some eye-opening cases that highlight the risks:
- The Tesla Data Leak (2018): A disgruntled former employee allegedly exported confidential data to outsiders and sabotaged systems after being let go. The incident disrupted manufacturing and cost the company millions.
- Anthony Levandowski at Google: Before joining a competitor, Levandowski downloaded thousands of proprietary files related to self-driving car technology. This led to a high-profile lawsuit between Waymo (Google’s self-driving car unit) and Uber.
- Coca-Cola’s Data Breach (2018): An ex-contractor retained a hard drive containing personal data of over 8,000 employees. The breach wasn’t discovered until months after the contractor left, putting thousands at risk.
In each of these cases, the common denominator was a trusted employee whose departure became a trigger for potential disaster. For a more detailed look at another example, check out this post.
Why turnover creates risks
Departing employees know your systems, processes and data flows better than almost anyone. They may still have access to critical accounts for hours, days or weeks after announcing their departure. In some cases, they might harbor resentments or simply overlook protocols, leading to accidental or intentional data leaks.
How to minimize insider threats
There are practical steps every organization can take. Here’s how to dial down risk when employees leave:
- Immediately revoke system access once an employee’s departure is confirmed. Modern zero-trust access control systems like those built into Barracuda’s network protection components ensure nothing falls through the cracks.
- Modern XDR systems that include SOC oversight, like Barracuda Managed XDR, can detect suspicious activity — such as mass downloads or unauthorized data transfers — before, during and after the notice period.
- Protect sensitive data by regularly scanning your network to identify and remediate any instance of files containing it being stored insecurely, using a tool such as Barracuda Data Inspector.
- Conduct routine access audits to spot dormant accounts or excessive privileges. The principle of least privilege ensures employees have only the access they need.
- Conduct regular security awareness training to ensure staff understand cybersecurity risks, emphasizing policies around data handling, reporting suspicious activities and respecting offboarding procedures. Training products such as Barracuda Security Awareness Training make it easy (and even fun).
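The access-revocation and access-audit steps above can be checked by cross-referencing an HR roster against an account inventory. The following is an added example, not part of the original post or of any Barracuda product; the roster, accounts, field names and 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: HR status per person and accounts per system.
HR_ROSTER = {
    "alice": {"status": "active", "last_day": None},
    "bob": {"status": "departed", "last_day": date(2025, 3, 14)},
    "carol": {"status": "notice", "last_day": date(2025, 4, 30)},
    "dave": {"status": "active", "last_day": None},
}
ACCOUNTS = [
    {"user": "alice", "system": "vpn", "enabled": True, "admin": False, "last_login": date(2025, 4, 1)},
    {"user": "bob", "system": "crm", "enabled": True, "admin": False, "last_login": date(2025, 3, 20)},
    {"user": "bob", "system": "vpn", "enabled": False, "admin": False, "last_login": date(2025, 3, 13)},
    {"user": "carol", "system": "fileshare", "enabled": True, "admin": True, "last_login": date(2025, 4, 2)},
    {"user": "dave", "system": "crm", "enabled": True, "admin": False, "last_login": date(2024, 11, 5)},
    {"user": "svc-old", "system": "fileshare", "enabled": True, "admin": True, "last_login": date(2024, 6, 1)},
]

def audit_accounts(roster, accounts, today, dormant_days=90):
    """Return (account, finding) pairs for enabled accounts that need review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already revoked, nothing to flag
        label = f'{acct["user"]}@{acct["system"]}'
        person = roster.get(acct["user"])
        if person is None:
            # No HR record: nobody owns this account, so offboarding never covers it.
            findings.append((label, "ORPHANED"))
        elif person["status"] == "departed":
            # Access should have been revoked; a later login is the more urgent case.
            used = acct["last_login"] > person["last_day"]
            findings.append((label, "LOGIN_AFTER_DEPARTURE" if used else "ENABLED_AFTER_DEPARTURE"))
        elif person["status"] == "notice" and acct["admin"]:
            # Least privilege: review elevated rights during the notice period.
            findings.append((label, "ADMIN_DURING_NOTICE"))
        elif today - acct["last_login"] > timedelta(days=dormant_days):
            findings.append((label, "DORMANT"))
    return findings

if __name__ == "__main__":
    for account, finding in audit_accounts(HR_ROSTER, ACCOUNTS, date(2025, 4, 3)):
        print(f"{finding:24} {account}")
```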
Prevention is key
Saying farewell to an employee should never mean saying goodbye to your data security. Think of insider threats the way detectives think about crime: It all comes down to means, motive and opportunity. If you can minimize all three of these, you’ll keep your risks of turnover-related incidents to a minimum too.
