In today's information-driven world, insider risk has become a topic of concern for many organisations. The risk becomes particularly pronounced when dealing with exiting or terminated employees, especially those at senior levels who have access to more sensitive information. Managing this risk effectively requires a nuanced and multifaceted approach that combines preventive measures, strict monitoring, and, if necessary, a tailored exit strategy.

Insider Risk Explained

Insider risk refers to the threat that insiders, such as employees, contractors, or other individuals with inside information, may use that knowledge maliciously or carelessly. This risk can lead to data leaks, intellectual property theft, or even sabotage.

The Elevated Risk of Senior Employees

Often, the higher the seniority of an employee, the greater the risk associated with their departure. Senior employees typically have access to sensitive and critical information that might include strategic plans, financial details, intellectual property, and customer data. When such an individual leaves an organisation, whether through resignation or termination, they potentially carry with them invaluable insights that, if misused, could severely damage the company.

Gardening Leave and Access Restrictions

One approach to mitigate this risk is to implement a practice known as "gardening leave." This entails placing exiting employees on paid leave during their notice period, restricting their access to sensitive information, and preventing them from taking up new employment with competitors during this time. Gardening leave acts as a buffer, reducing the chance of sensitive information being mishandled or misappropriated.

In addition to gardening leave, organisations should also consider implementing highly restricted access to crucial information. This can be accomplished by systematically revoking or limiting access rights to specific files, databases, or networks as the employee's exit date approaches.

Enhanced Monitoring

Monitoring of employees is a standard risk mitigation strategy, but in the case of exiting employees, this monitoring should be enhanced to become more sensitive to high-risk activities. Enhanced monitoring can involve:

  1. Increased Oversight: Regularly reviewing an exiting employee's actions and access requests during their notice period.
  2. Automated Alerts: Implementing technology to detect unusual behaviour, such as excessive downloading or copying of files.
  3. Real-Time Response: Creating procedures to respond quickly if suspicious behaviour is detected.

Ethical and Legal Considerations

While the above strategies are essential, they must be implemented with care and transparency to ensure that they align with legal and ethical guidelines. Monitoring should never infringe upon an individual's privacy rights, and all measures should be communicated openly and clearly to all employees.

Best Practices

Here are some best practices that organisations can follow to manage the insider risk associated with exiting or terminated employees effectively:

  1. Develop Clear Policies: Create transparent policies that detail how the organisation will handle exiting employees, including gardening leave, access restrictions, and monitoring.
  2. Train Employees: Regularly educate all employees, not just those at the senior level, about the importance of safeguarding sensitive information and adhering to company policies.
  3. Collaborate with IT and Legal Teams: Ensure that IT and legal teams are involved in developing and implementing insider risk management strategies to ensure both technical effectiveness and legal compliance.
  4. Conduct Exit Interviews: Leverage exit interviews to understand the motivations and plans of the departing employees and assess the potential risks.
  5. Maintain Vigilance After Departure: Continue to monitor for any suspicious activities or unauthorised access even after the employee's departure to catch any delayed attempts at misuse.

In Summary

Managing the insider risk associated with exiting or terminated employees, particularly those at senior levels, is a complex and vital task for modern organisations. By understanding the unique risks, adopting practices like gardening leave, enhancing monitoring, and adhering to legal and ethical considerations, companies can protect their valuable information and maintain their competitive edge. The commitment to a comprehensive and thoughtful strategy will not only mitigate risk but also promote a culture of trust and responsibility within the organisation.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.

What is ShadowSight

ShadowSight is an innovative insider risk staff monitoring tool that proactively guards your business against internal threats and safeguards vital data from unauthorised access and malicious activities. We offer a seamless integration with your current systems, boosting regulatory compliance while providing unparalleled visibility into non-compliant activities to reinforce a secure digital environment. By prioritising actionable intelligence, ShadowSight not only mitigates insider threats but also fosters a culture of proactive risk management, significantly simplifying your compliance process without the overwhelming burden of false positives.