In your quest to achieve a balance of security in your corporate environment, you have taken the time to establish a hardware security policy, including measures such as auto-update for operating systems and applications.

It might also include a backup policy for data and a mandatory hard wipe for laptops that are shared within the organization for travel purposes. This keeps data from unintentionally ending up with an unauthorized user.

You’ve also educated your organization regarding external threats, whether from dedicated hackers intent on stealing your corporate knowledge, or from random attacks designed to take advantage of weaknesses in your security policy and practices. This education has included good email practices and safe surfing habits.

So far, so good.

There’s one more category of threat we need to consider: the inside job.

Consider the contractor who is on your network to provide some type of service. Perhaps a company is assisting with infrastructure issues like cable-pulling, or an outside accounting firm is helping with a finance upgrade. You’ve done the check on the company; they’re reliable and reputable, and their employees are competent and courteous. What else do you know about these outside “insiders”?

This is just one element of what is probably the hardest problem to approach: the people to whom you give trusted access to your network and your assets. Let’s look at several different types of personnel that might account for the loss of sensitive information or damage to your network and corporate assets.

Meet the Ex

Newly terminated employees can be cause for worry. They may be leaving of their own accord, or they may have been escorted off the premises for some malfeasance. Either way, it is very important that any “doors” of access for this individual are closed – immediately – on departure.

Authentication tokens should obviously be removed. Also, ensure that logins are no longer enabled and that any account access, remote or local, is also closed. Many organizations believe removing remote access is sufficient to protect themselves. In a large organization, however, it is a simple matter to “tailgate” through a secure door, plug into a jack in a conference room, and be on your way. If management hasn’t terminated building access and confiscated ID cards, this act of network trespass requires no effort at all.

Meet the New Ex, Same as the Old Ex

This is an individual who is already mentally “out the door.” These employees fall into two classes: one has already submitted a resignation notice; the other hasn’t, only because they’re still looking for a new job.

The newly resigned employee is simple to spot, but it’s up to the company to decide how they will be handled. Policy should dictate whether the employee remains on the job, or is asked to take the two weeks as a paid vacation and is escorted off the property.