Don't gamble with your company's investigation process.

Learn about i-Sight software today

An Internal Information Security Nightmare: The Disgruntled Employee

Learn how to address the internal information security issue of recently terminated or otherwise disgruntled employees who might want to steal your data.

Posted by Joe Gerard on October 14th, 2010

Disgruntled employees are the greatest risk in any organization when it comes to data leaks. As record numbers of employees leave their jobs, divulging data and other sensitive information could be their way of taking one last shot at the company.

Is your organization adequately prepared to protect sensitive information from disgruntled or recently terminated employees? If not, here are a few ideas to help you get started.


Don't wait until you suffer an internal information security breach.

Boosting your prevention efforts now takes just one tool. Download this free eBook to learn how case management software helps you track, manage, and prevent security incidents to better protect your data.

Get My eBook

Get It On Paper, and the Screen

Begin with a written policy. Not only should you incorporate laws and regulations into your company’s internal information security policy, but take the policy a step further and include security measures that relate to the various business processes within your organization.

In the policy, address the consequences of leaking data. Make it known that whether an employee is employed by the company or is terminated, leaking company information isn’t tolerated. Define access roles for each member of you organization. Limit the amount of information employees have access to even while they are employed by the company. This limits the amount and type of information that could be leaked should an employee be terminated.

As with any organizational policy, train employees to understand and follow it. Update the policy as people come and go, as well as when new risks are identified- stay current.

Time and access are key considerations in protecting your organization from data leaks. Upon termination, revoke access to files, computers and other areas where information is stored. Many employees copy data over to mobile phones, laptops, USB keys, CDs and other devices that they carry out of the office- have terminated employees hand these over immediately.

Removing the employee as soon as possible is also a good idea. This way, they have less time to collect information and try taking it with them when they leave.


RELATED: 11 Expert Tips for Data Breach Prevention


Create a Security Checklist

Once an employee is terminated, you must act fast to block their access to information. There can be a lot to remember, which is why an internal information security checklist can be useful in these situations. When putting your checklist together, assign tasks to others in the workplace to help speed up the process.

The American Bar Association recommends including the following four categories in your checklist:

(1)   Physical removal of the employee from the premises as soon as possible.

(2)   Limit the employee’s physical and electronic access- security cards, keys, change security codes, removal from internal networks, disable remote access, change system passwords, disable e-mail, obtain company credit cards, etc.

(3)   Minimization of any incentive for the employee to attempt to re-access the employer’s computer system.

(4)   Continuous monitoring of the employer’s computer system for security breaches.

Joe Gerard
Joe Gerard

CEO, i-Sight

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.

Visit Website

Book A Demo

To our customers: We’ll never sell, distribute or reveal your email address to anyone. Privacy Policy

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.