The massive wave of layoffs sweeping across industries has inadvertently created a cybersecurity vulnerability that many business owners are overlooking – the critical process of offboarding employees. Even corporate giants that you would expect to have top-of-the-line cybersecurity systems fail to adequately protect themselves from insider threats.
This August marks a year since Tesla, a company synonymous with cutting-edge technology, faced a severe breach. Two former employees, disgruntled after their termination, exploited their lingering access to expose sensitive information – including names, addresses, phone numbers and even the Social Security numbers of over 75,000 individuals, including current employees. \
And, of course, the issue is expected to get worse. According to NerdWallet, as of May 24, 2024, 298 US-based tech companies have laid off 84,600 workers and counting. This includes major layoffs at big companies like Amazon, Google and Microsoft, as well as smaller tech start-ups. In total, around 257,254 jobs were eliminated in the first quarter of 2024 alone.
Whether or not you’ll need to downsize your team this year, having a proper offboarding process in place is essential to your business, big or small, because it’s more than a routine administrative task – it’s a critical security precaution. Failing to revoke access for former employees can lead to serious business and legal implications later.
The risks associated with inadequate offboarding are multifaceted and potentially catastrophic:
-
Theft Of Intellectual Property – Employees can sneak away with YOUR company’s files, client data and confidential information stored on personal devices, as well as retain access to cloud-based applications like social media sites and file-sharing sites (Dropbox or OneDrive, for example) that your IT department doesn’t know about or forgets to change the password to.
The scale of this problem is alarming. A study by Osterman Research revealed that 69% of businesses experience data loss due to employee turnover, with 87% of departing employees taking data with them. Often, this valuable information finds its way to competitors, either through direct sale, used by the employee in their new role with a rival company, or to establish their own competing venture. Any way you cut it, it screws YOU.
-
Compliance Violations – In industries subject to stringent regulations, failing to revoke access privileges and remove employees from authorized user lists can register you as noncompliant. This simple mistake can result in large fines, hefty penalties and, in some cases, legal consequences, potentially tarnishing the company’s reputation and eroding stakeholder trust.
-
They DELETE Everything – If an employee feels unfairly laid-off and retains access to their accounts, they could, vindictively, delete ALL of their e-mails and any critical files they can get their hands on. If that data isn’t backed up, you will lose it ALL. And for those thinking, “I’ll sue them!” Rightfully so, but even if you do sue them and win, the hard reality is that the legal costs, time wasted on the lawsuit and recovering the data, plus the aggravation and distraction of dealing with it all, are greater costs than what you might get awarded if you win the lawsuit and might collect in damages.
-
Data Breach – Perhaps the most terrifying prospect is the potential for a large-scale data breach. Unhappy employees who feel they have been wronged can download, expose, or modify sensitive information. This could include clients’ personal data, financial records, or even trade secrets. The consequences of such a breach extend far beyond immediate financial losses, potentially leading to devastating lawsuits, irreparable damage to the company’s reputation, and long-term erosion of customer trust.
Do you have an airtight offboarding process to curb these risks?
A 2024 study by Wing revealed that one out of five organizations has indications that some of their former users were not properly offboarded. More alarmingly, this statistic only accounts for the organizations astute enough to detect such irregularities, suggesting that the actual number of vulnerable businesses could be significantly higher.
How DO you properly offboard an employee?
-
Implement The Principle Of Least Privilege – Effective offboarding starts with proper onboarding. New employees should ONLY be given access to the files and programs they need to do their jobs. This should be meticulously documented to make offboarding easier when the time comes.
-
Leverage Automation – Your IT team can help use automation to streamline revoking access to multiple software applications simultaneously, saving time and resources while reducing the likelihood of manual errors.
-
Implement Continuous Monitoring – You can implement software that tracks who is doing what and where on the company network. This can help you identify suspicious behavior, potentially flagging unauthorized access by former employees who may have retained access to private accounts.
These strategies represent just a fraction of the ways in which IT teams can enhance the offboarding process, making it both more efficient and secure.
Insider threats can be devastating, and they are not a hypothetical scenario – it’s a very real and present danger that no organization can afford to ignore. You have to be proactive.
To find out if you have any gaps in your offboarding process that could expose you to theft or a data breach, our team will do an in-depth risk assessment. Book a 15-minute discovery call to get started.
