How much can a former employee cost you?

One of the most common threats which companies often learn about only after an incident occurs is keeping the accounts of dismissed employees active and failing to revoke excessive rights in case employees were terminated or changed their job responsibilities within a company – many user accounts which should be disqualified stay active. Make sure your system follows sensible and strict data access patterns, data privacy policies are abided by and permissions are configured. The monitoring solution will help you identify access attempts and avoid litigation involving data owners and prove compliance.

How much can a former employee cost you?

Just recently, The City of New Haven, Connecticut (New Haven) has agreed to pay $202,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the HIPAA Privacy and Security Rules. 

In January 2017, the New Haven Health Department filed a breach report with OCR stating that a former employee may have accessed a file on a New Haven computer containing the protected health information (PHI) of 498 individuals.

OCR’s investigation revealed that, on July 27, 2016, a former employee returned to the health department, eight days after being terminated, logged into her old computer with her still-active user name and password, and downloaded PHI that included patient names, addresses, dates of birth, race/ethnicity, gender, and sexually transmitted disease test results onto a USB drive.

Additionally, OCR found that the former employee had shared her user ID and password with an intern, who continued to use these login credentials to access PHI on New Haven’s network after the employee was terminated.

“Medical providers need to know who in their organization can access patient data at all times. When someone’s employment ends, so must their access to patient records,” said OCR Director Roger Severino.
In my previous article, I have already talked about insider threats (employees) and also about "The Departure Risk" - an employee who is about to terminate the contract and take the data with him.

80% of departure risk employees tend to take data with them

And let's just quickly remind you about insider threats in an organization:

How to protect your sensitive data?

A solid information governance foundation helps organizations adopt a risk-based approach to protect their most valuable assets, while instilling sound data management hygiene.

In order to lower the chance or stop such incidents to happen, you need to implement proper risk management program and answer important questions about internal business risks:

  • What documents contain business critical information?
  • Where are the critical documents located?
  • Who has access to the data and can edit it?
  • How can it be shared?

A DCAP solution (data-centric audit and protection) for automated file system audit, search for access violations and monitoring changes in critical data could help you do that. The software helps you to stay informed of which kind of information is gathered by your company, how it is stored and used. FileAuditor will help you with:

  • Classification of vulnerable data: finds files in a document flow that contain critical information, and assigns a certain type to each file: personal data, trade secret, credit card numbers, etc.
  • Access rights audit: facilitates confidential information access control – automatically monitors open resources, files available to a specific user or group, privileged accounts.
  • Critical documents archiving: makes shadow copies of critical files found on a PC, server or network folders, saves the history of their revisions. Confidential data archive helps in incident investigation and ensures recovery of lost information.
  • User activity monitoring: audits user operations in a file system. The specialists responsible for risk mitigation always have their information about changes made to a file updated (creating, editing, moving, deleting, etc.).

FileAuditor visualises file system scan results in accordance with specified rules:

  1. Folder tree with indication of user rights to each directory or file
  2. List of operations on critical files (creation, movement, deletion, etc.) per user
  3. Location of critical documents on a PC, server or network storage

FileAuditor abides by the standards demanding that all processes be authorised, the system helps a specialist see what can and can’t be changed, whether an action is sanctioned or not.

Privileged access is among the most common reasons for security issues. The software enables privileged access management – you can monitor data usage on endpoints and servers by privileged accounts (for example, system administrators), control their activity and obtain information improving decision making regarding access granting and allocation of duties.

For more information, visit FileAuditor page, read about Data Protection and Classification


Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.