The massive wave of layoffs in 2024 has introduced a cybersecurity threat that many business owners are overlooking: the offboarding of employees. Even well-known brands, which you would expect to have top-tier cybersecurity measures, often fail to adequately protect themselves from insider threats. This August marks a year since two disgruntled Tesla employees, after being let go, exposed personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.
And the issue is likely to worsen. According to NerdWallet, as of May 24, 2024, 298 U.S.-based tech companies have laid off 84,600 workers and counting. This includes major layoffs at companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, approximately 257,254 jobs were eliminated in the first quarter of 2024 alone.
Whether or not you plan to downsize your team this year, having a proper offboarding process is essential for every business, big or small. It's more than just a routine administrative task—it's a critical security measure. Failing to revoke access for former employees can lead to serious business and legal consequences.
Some of these issues include:
- Theft of Intellectual Property: Employees can walk away with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications like social media sites and file-sharing services (e.g., Dropbox or OneDrive) that your IT department might overlook or forget to change passwords for. A study by Osterman Research revealed that 69% of businesses experience data loss due to employee turnover, and 87% of employees who leave take data with them. Often, this information is sold to competitors, used by them when hired by the competition, or used by the former employee to become a competitor. Any way you slice it, it hurts your business.
- Compliance Violations: Failing to revoke access privileges and remove employees from authorized user lists can render you noncompliant in heavily regulated industries. This simple mistake can result in large fines, hefty penalties, and, in some cases, legal consequences.
- Data Deletion: If a laid-off employee retains access to their accounts, they could easily delete all their emails and any critical files they can access. If that data isn't backed up, you will lose it all.
For those thinking, "I'll sue them!"—while that may be justified, even if you win the lawsuit, the legal costs, time spent, and effort to recover the data, plus the aggravation and distraction, often outweigh any damages you might be awarded.
- Data Breach: This could be the most terrifying of all. Unhappy employees who feel wronged can make you the subject of the next devastating data breach headline and incur a costly lawsuit to go with it. It could be as simple as making one click to download, expose, or modify your clients' or employees' private information, financial records, or trade secrets.
Do you have an airtight offboarding process to mitigate these risks? Chances are you don't. A 2024 study by Wing revealed that one in five organizations has indications that some of their former users were not properly offboarded, and those are the ones astute enough to detect it.
How do you properly offboard an employee?
- Implement the Principle of Least Privilege: Successful offboarding starts with proper onboarding. New employees should only be given access to the files and programs they need to do their jobs. This should be meticulously documented to make offboarding easier.
- Leverage Automation: Your IT team can use automation to streamline the revocation of access to multiple software applications simultaneously, saving time and resources while reducing the likelihood of manual errors.
- Implement Continuous Monitoring: You can deploy software that tracks user activity on the company network. This can help you identify suspicious behavior by an unauthorized user and determine if a former employee retains access to private accounts.
These are just a few ways your IT team can improve your offboarding process to make it more efficient and secure.
Insider threats can be devastating, and if you think this can't happen to you, think again. Proactively protecting your organization is essential.
To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free consult to help you resolve it. Call us at 916-884-0040 or click here to book now.