Protect Your Office 365 Data from a Rogue Employee

You know the importance of protecting your Office 365 data from (fairly) predictable risks. For example, an app overwriting the data stored in O365 could conceivably happen. But what about the risks you aren’t planning for? What about the rogue employee?

What is a rogue employee?

User error that isn’t accidental; that’s the threat of a rogue employee. While some disgruntled users make headlines for violent acts against their co-workers, the vast majority of revenge-seeking employees act out by stealing office supplies, cursing their managers, or by sabotaging company computer systems.

Typically, a rogue employee could damage an Office 365 environments in cases where administrators can’t or don’t know to lock the departing employee out of Office 365 before the worker is notified of his or her termination. When the departing employee returns to clean out his or her desk, he or she can also clean out their Exchange inbox (full of vital client emails), personal folders (home to several shared, irreplaceable sales spreadsheets), contacts (filled with vital supplier email addresses) and calendar (where delivery schedules are maintained).

Why Office 365 can’t stop rogue employees

We’ve said it before and we’ll say it again: Microsoft can’t distinguish between “good” employees and “bad” any more than it can distinguish between intentional or accidental commands.

What a rogue employee can cost you

Much like a security breach, a rogue employee can delete all the data in a single Office 365 account. Damages might range from a minor inconvenience to a major impact, which is why organizations need to be vigilant.

How to defend against rogue employees

The most effective defense against rogue employees is also the easiest: Change an employee’s password or suspend an employee’s Office 365 account before firing him. It should be policy that the first person to find out an employee has been terminated should be the HR department, followed by the Office 365 administrator, then followed by the employee. Organizations should also be more proactive in monitoring user behavior on the platform. If an employee is suddenly downloading sensitive information from multiple project sites, outside of normal site usage or historical patterns, that may be a sign of rogue behavior. Regular audits of usage patterns can often identify these kinds of irregularities before they get out of hand.

Oh yeah, and also consider third party cloud-to-cloud backup tools. If an employee goes rogue and begins deleting crucial documents, your company will have a secure, second copy of everything – avoiding a major headache.