Help! My IT Employee Went Rogue

August 01, 2018

In a perfect world, every employee comes to work happy, gets along with their co-workers and does their job perfectly. But the reality is, sometimes people become disgruntled, make mistakes or bad choices and have to be reprimanded or even fired. In a worst-case scenario, when that person is in an IT position or is an upper-level executive with high-level security access, they can use their knowledge and access to do irreparable harm to the company, both financially and to its reputation.

While no one expects to have to deal with a situation where a cyberattack comes from within, it happens more than you might expect, and it is always best to be prepared for the situation. In the event that a disgruntled employee uses their access to cause harm to your company, the first thing you need to do is assess the situation. Immediately figure out if anyone is in danger of being harmed, and if so, alert authorities. Once you’ve got an idea of where things stand, immediately take control of all communication methods. Assume that all methods of communication currently in use are compromised and purchase a pre-paid or clean phone, as well as a cloudbook or tablet, to use to begin solving the issue safely.

Once you’ve got clean devices, it’s time to get to work setting up a new, safe cyber environment and protecting the data and information critical to your company’s success. Here are a few steps to take:

  • Set up a secure network/Wi-Fi environment. This might be in a place other than your business office or home. When creating new passwords, make sure to Lock Down Your Login and use two-factor authentication. When setting up your new devices and network, do not link them to any existing email accounts. Ensure that everything is new.
  • Protect and back up data. Start with backing up or printing out contact and calendar information and other communications from your old phone, computer and email accounts. Also make sure backup tapes, drives or cloud accounts are accounted for and secure from being overwritten or destroyed.
  • Maintain domain control. Contact the domain host and registrars to make sure your company still has legal ownership of your domain. Without properly configured domain names, your website and all emails will cease to function and could even be redirected to a competitor.
  • Contact any vendors for services that are outsourced, such as web development, web hosting or backup storage. Have them restore a good backup to a clean account or server.

In addition to the initial steps to ensure your company’s data is protected, there are other factors to consider as well, including communications aspects such as alerting employees and the public if necessary, analyzing cash flow and ramping up physical security temporarily.

To learn more about how to handle all aspects of a malicious attack by an employee, download our free guide: Malicious IT Employee: A Survival Guide. It includes further information on what steps to take as well as technical advice on regaining control of your systems and preventing future attacks.