eLearnSecurity Blog

Top 5 Things to Do When Your Trusted IT Professionals Leave

Businesses and organizations spend billions to protect data from cyber attacks coming from across the Internet. You should also consider threats coming from the inside. Staff-related security breaches, such as the one at the investment firm Morgan Stanley and the one at the Ashley Madison site, where the CEO raised the possibility that the hack was done by an insider, tell us to always keep our guard up, even with our own staff. This matters all the more when you have IT professionals who have access to all your records.

What happens then if, under any circumstance, one of your trusted IT staff leaves the company? IT Security Researcher, Davide “GiRa” Girardi, shares 5 important points.

What to Do When Your IT Staff Leaves the Company


1. Ask for a Documentation Review

You should request a documentation review of the systems so that the successor understands how things work and can carry out operations based on the documentation. Any temporary hacks or relaxed security settings (put in place to keep the business running) should also be highlighted in the documentation.

2. Change all the passwords! Yes, *all* of them!

IT admins use a lot of passwords. They may also know password hashes, DB credentials, application credentials, user credentials (users always tend to tell them) and many other passwords. It is important that the passwords of all systems and users that came in contact with the ex-employee are changed.

3. Disable their accounts (Admin Accounts, Email Accounts)

In a complex environment, something could still be overlooked even after you have changed all the passwords. Disabling the account adds another layer of security to ensure that the person does not have access to your systems and networks. This includes disabling email accounts, as it's possible for the ex-employee to mount an effective social engineering attack using an internal corporate email address.

4. Disable their authentication-related public keys

SSH services, VPNs, web applications and other systems can be configured to perform strong authentication even without a password. Revoking the keys is just as important as changing the passwords. You could change the password used to access the fort, but what happens if someone has the keys to the front door?

5. Inform your Other Employees

Keep your existing employees in the loop when somebody leaves the company and when somebody new comes in. Knowing who stays and who goes is another thing that helps prevent social engineering attacks.

All the changes and updates listed above should be done as soon as possible. Better yet, they should be automated and put into practice as soon as the former employee's contract ends.
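One way to automate point 4 for SSH, as an added example that is not part of the original post: it removes a departed admin's public key from OpenSSH `authorized_keys` content by matching the key's fingerprint, so a copy with a different comment or a leading `command=` option is caught too. The function names and the sample entries are constructed for illustration.

```python
import base64
import hashlib


def key_blob(line):
    """Return the decoded key blob of an authorized_keys entry, or None."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64 (options, comments, garbage)
            continue
        # A key blob starts with a 4-byte length plus the key type name itself.
        name = ktype.encode()
        if raw[:4] == len(name).to_bytes(4, "big") and raw[4:4 + len(name)] == name:
            return raw
    return None


def fingerprint(raw):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def revoke(text, revoked):
    """Split authorized_keys content into (kept, removed) lines."""
    kept, removed = [], []
    for line in text.splitlines():
        raw = None if line.lstrip().startswith("#") else key_blob(line)
        hit = raw is not None and fingerprint(raw) in revoked
        (removed if hit else kept).append(line)
    return kept, removed


def sample_entry(seed, prefix="", comment=""):
    """Constructed ed25519-shaped entry for the demo (not a real key)."""
    raw = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes([seed]) * 32
    return f"{prefix}ssh-ed25519 {base64.b64encode(raw).decode()} {comment}".strip()


# Constructed sample data: the leaver's key appears twice, once behind an option.
LEAVER = sample_entry(1, comment="former-admin@laptop")
SAMPLE = "\n".join([
    "# deploy hosts",
    sample_entry(2, comment="alice@ws"),
    LEAVER,
    sample_entry(1, prefix='command="/usr/bin/backup ssh-ed25519 x" ', comment="cron"),
])
REVOKED = {fingerprint(key_blob(LEAVER))}
```

Run `revoke` over every account's `authorized_keys` on every host, review the removed lines, then write the kept lines back; keys used by VPNs and web applications need the equivalent step in those systems.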




Davide “Gira” Girardi is a security researcher and instructor. He has 8+ years of experience in system hardening and security consultancy on Linux, Windows, OSX and mixed environments.

LinkedIn: https://www.linkedin.com/pub/davide-girardi/76/652/744
