It is important to disable logins for any employee who leaves your practice. If this is not done, a former employee could still connect remotely to your system, which exposes your practice to a serious cyber security threat. This risk is so great that the FBI and Department of Homeland Security (DHS) recently issued a public service announcement, saying the “increase in insider threat cases … from disgruntled and/or former employees poses a significant cyber threat to U.S. businesses due to their authorized access to sensitive information and the networks businesses rely on.”
How can you comply with regulatory obligations to protect sensitive data or PHI if ex-employees can still enter your systems and delete or modify data? Fines and legal costs can be substantial.
Being proactive is key to protecting your data and your business. To help you do that, we recommend you:
• Conduct regular reviews of employee access, and terminate any account that individuals don’t need to perform their daily job responsibilities.
• Terminate all accounts associated with an employee or contractor immediately upon their dismissal.
• Change administrative passwords to servers and networks when you terminate IT personnel.
• Avoid using shared usernames and passwords.
• Avoid using the same login and password for multiple platforms, servers or networks.
• Notify third-party service companies that provide email or customer support when an employee has been terminated.
• On corporate computers, restrict access to cloud storage websites.
• Restrict employees from downloading unauthorized remote login applications on corporate computers.
• Maintain daily backups.
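One way to run the access review from the first two recommendations, as an added example that is not part of the original article: it compares an HR roster with an account export and flags enabled accounts that belong to departed staff, have no named owner (typically shared logins), or have gone unused. The CSV columns, names, dates and the 90-day threshold are assumptions, and all data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are assumptions; adapt them to
# whatever your HR system and each application's user export provide.
HR_ROSTER = """employee_id,name,status,end_date
101,Ana Ruiz,active,
102,Ben Cole,terminated,2024-03-01
103,Cy Dunn,active,
"""

ACCOUNTS = """system,username,owner_id,enabled,last_login
ehr,aruiz,101,true,2024-03-10
ehr,bcole,102,true,2024-03-05
vpn,bcole,102,true,2024-03-08
email,bcole,102,true,2024-02-28
ehr,frontdesk,,true,2024-03-11
vpn,cdunn,103,true,2023-11-02
vpn,oldtemp,,false,2023-01-01
"""

def review_access(roster_csv, accounts_csv, today, stale_days=90):
    """Return (system, username, reason) for every enabled account to review."""
    roster = {r["employee_id"]: r
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].lower() != "true":
            continue  # already disabled, nothing to do
        key = (acct["system"], acct["username"])
        last = date.fromisoformat(acct["last_login"])
        owner = roster.get(acct["owner_id"])
        if owner is None:
            # No single accountable person: shared or orphaned login.
            findings.append((*key, "no-owner"))
        elif owner["status"] == "terminated":
            end = date.fromisoformat(owner["end_date"])
            # A login after the end date needs investigation, not just cleanup.
            reason = ("used-after-termination" if last > end
                      else "terminated-still-enabled")
            findings.append((*key, reason))
        elif (today - last).days > stale_days:
            findings.append((*key, "stale"))
    return findings

if __name__ == "__main__":
    for finding in review_access(HR_ROSTER, ACCOUNTS, date(2024, 3, 12)):
        print(*finding, sep="\t")
```

Accounts flagged `used-after-termination` should be disabled and their activity since the end date reviewed; the other findings are candidates for disabling or for assignment to a named owner.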
To protect your business, it’s important that you pay close attention to who has access to what data. Most offices don’t think about this until something happens, but you should focus on it immediately so that you won’t have to worry going forward.