Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


November 10, 2021 | Joy Belinda Beland

Insider Threat: IT Sabotage within the MSP Industry

Being aware of the predisposition characteristics and following best practices can help MSPs prepare for and mitigate this type of insider threat.

HAS YOUR MSP ever employed a technical person who had conflicts with or bullied fellow workers? Complained to competitors about work-related issues but refused to confront supervisors due to “”shyness””? Had serious personality conflicts, difficulties controlling anger, or exhibited other unprofessional behavior? Had trouble conforming to rules (for example: a history of arrests, security violations, or misuse of travel, time, and/or expenses)?

If so, your MSP has experienced the predisposition characteristics of an employee who would commit IT sabotage, according to the traits outlined in the Carnegie Mellon SEI CERT Guide to Insider Threats

IT sabotage is one type of insider threat, a security domain of growing importance and attention. In an informal poll on LinkedIn, 20% of respondent MSPs claimed they had active employees who committed IT sabotage.

The first step to mitigation is knowing what to look for. In the MSP world, these predispositions often take on additional subtle or anonymous behaviors:

  • Bad anonymous reviews about the company, the CEO, or the service department manager show up on Glassdoor, Yelp, Indeed, or other well-known sites.
  • Your clients mention that your technician is saying negative things about your MSP or soliciting direct work.
  • You hear of gossip or insubordinate behavior in front of other staff members, but they won’t admit it when you speak to them.

When any of these behaviors are identified, it’s important to determine who is disgruntled and why. Often this is from unmet expectations on the part of the employee. Did they get passed over for a promotion? Are they working unreasonable hours? Do they feel blamed unfairly for a breach or error? Were they expecting a pay increase? Do they lack autonomy? Is the role too structured for their personality? Are they reporting to someone they don’t respect? 

Don’t guess what the precursor or cause of disappointment is; it is important to know specifically. If the conversation has not yet taken place, then asking a lot of questions in a safe, private environment will help that employee feel heard. Having an open conversation with HR or management, without fear of reprisal or negative consequences, can help avoid an out-of-control escalation.

Be sure to have a clear, consistent message of what the organizational policies and controls are so that there is no misperception by the employee that injustice is occurring. In reviews of historical IT sabotage cases, many disgruntled workers felt that star employees were given special treatment.

Train your supervisors what to watch for and encourage private, confidential reporting with your employees. This will help to build trust and keep the staff aligned on how to handle it when a co-worker starts showing signs of distress. When someone reports bad behavior from another employee, take it seriously and employ a consistent response.

If the employee’s unhappiness is due to pending termination or disciplinary action, note that most IT sabotage occurs after termination. Therefore, IT, HR, and physical security must work together and follow best practices to help mitigate damage from a departing employee:

  • IT should disable system access immediately, after double checking the backups, log protection, and known access paths are closed off for access by that user account.
  • HR should review the NDA and company property or acceptable use policies with the employee at the time of termination, setting an expectation that the policies will be upheld, and notify the employee that access to the system is being removed, so there are no surprises.
  • HR should retrieve keys, key cards, and any other building or system access devices.
  • Physical security should escort the employee out of the building after accompanying them to their desk to retrieve their belongings.
  • After termination, HR, IT, and physical security should review the offboarding checklist for completeness and improvement.

While IT sabotage can be scary to manage and mitigate, preparing for this type of insider threat can have a large ROI.

JOY BELINDA BELAND, CISM, SSAPs, CMMC PI PA, specializes in innovative and engaging cybersecurity training and education.

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience