The extensive layoffs in 2024 have introduced a cybersecurity threat that many business owners are overlooking: the offboarding of employees. Even prominent brands, which you would expect to have robust cybersecurity systems, processes, and procedures, often fail to protect themselves adequately from insider threats. This August marks one year since two disgruntled former Tesla employees, after being let go, exposed the personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.
Unfortunately, the situation is anticipated to worsen. According to NerdWallet, as of May 24, 2024, 298 tech companies in the U.S. have laid off 84,600 workers, with numbers still rising. This includes significant layoffs at major companies like Amazon, Google, and Microsoft, as well as smaller tech startups. In total, approximately 257,254 jobs were cut in the first quarter of 2024 alone.
Regardless of whether you need to downsize your team this year, having a proper offboarding process is essential for every business, big or small. It's more than a routine administrative task; it's a critical security measure. Failing to revoke access for former employees can lead to severe business and legal repercussions.
Some of the issues include:
● Theft of Intellectual Property - Employees can abscond with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications like social media sites and file-sharing services (e.g., Dropbox or OneDrive) that your IT department may overlook or forget to update passwords for.
A study by Osterman Research found that 69% of businesses experience data loss due to employee turnover, and 87% of departing employees take data with them. Often, the information you worked hard to gather is sold to competitors, used by them when they are hired by the competition, or used by the former employee to become a competitor. Any way you look at it, it harms you.
● Compliance Violations - Failing to revoke access privileges and remove employees from authorized user lists can render you noncompliant in heavily regulated industries. This simple oversight can result in large fines, hefty penalties, and, in some cases, legal consequences.
● Data Deletion - If an employee feels unfairly laid off and retains access to their accounts, they could easily delete all their emails and any critical files they can access. If that data isn't backed up, you will lose it all.
And for those thinking, "I'll sue them!" Rightfully so, but even if you do sue and win, the legal costs, time wasted on the lawsuit and data recovery, plus the aggravation and distraction of dealing with it all, are often greater than what you might be awarded in damages.
● Data Breach - This could be the most terrifying of all. Disgruntled employees who feel wronged can make you the subject of the next devastating data breach headline and incur a costly lawsuit. It could be as simple as making one click to download, expose, or modify your clients' or employees' private information, financial records, or even trade secrets.
Do you have an airtight offboarding process to mitigate these risks? Chances are you don't. A 2024 study by Wing revealed that one in five organizations has indications that some of their former users were not properly offboarded, and those are just the organizations astute enough to detect it.
How should you properly offboard a client?
● Apply the Principle of Least Privilege - Effective offboarding begins with thorough onboarding. Employees should only be granted access to the files and programs necessary for their roles. Documenting this meticulously will simplify the offboarding process.
● Utilize Automation - Your IT team can employ automation to efficiently revoke access to multiple software applications simultaneously. This saves time and resources while minimizing the risk of manual errors.
● Implement Continuous Monitoring - Deploy software that monitors user activity on the company network. This can help identify suspicious behavior from unauthorized users and determine if former employees still have access to private accounts.
These are just a few strategies your IT team can use to enhance the offboarding process, making it more efficient and secure.
Insider threats can be catastrophic, and believing it won't happen to you is a mistake. Proactive measures are essential to protect your organization.
To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free consult to help you resolve it. Call us at 610-433-1000 or click here to book now.
