The massive wave of layoffs in 2024 introduces a cybersecurity threat that many business owners are overlooking—offboarding employees. Even well-known brands, which one would assume have top-tier cybersecurity measures, often fail to protect themselves adequately from insider threats. This August marks one year since two disgruntled former Tesla employees, after being terminated, went rogue and exposed the personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.
And the situation is poised to worsen. According to NerdWallet, as of May 24, 2024, 298 U.S.-based tech companies have laid off 84,600 workers, with numbers still climbing. This includes significant layoffs at major firms like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, approximately 257,254 jobs were eliminated in the first quarter of 2024 alone.
Regardless of whether you plan to downsize your team this year, having a proper offboarding process is essential for every business, large or small. It's more than a routine administrative task—it's a critical security measure. Failing to revoke access for former employees can lead to severe business and legal repercussions later.
Some potential issues include:
- Theft of Intellectual Property: Former employees can abscond with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications like social media sites and file-sharing services (e.g., Dropbox or OneDrive) that your IT department may overlook or forget to update passwords for. A study by Osterman Research found that 69% of businesses experience data loss due to employee turnover, and 87% of departing employees take data with them. This information is often sold to competitors, used by them in new roles, or leveraged to start competing businesses. Any way you look at it, it harms your company.
- Compliance Violations: Failing to revoke access privileges and remove employees from authorized user lists can render you noncompliant in heavily regulated industries. This simple oversight can result in substantial fines, hefty penalties, and, in some cases, legal consequences.
- Data Deletion: If a laid-off employee retains access to their accounts and feels wronged, they could delete all their emails and any critical files they can access. Without proper backups, this data could be lost forever. And for those thinking, "I'll sue them!"—while you might be justified, the reality is that the legal costs, time wasted on the lawsuit, efforts to recover the data, and the aggravation and distraction of dealing with it all often outweigh any potential damages you might win in court.
- Data Breach: This may be the most alarming threat. Disgruntled former employees can make you the subject of the next major data breach headline, leading to costly lawsuits. It could be as simple as one click to download, expose, or modify your clients' or employees' private information, financial records, or even trade secrets.
Do you have a robust offboarding process to mitigate these risks? Chances are you don't. A 2024 study by Wing revealed that one in five organizations has indications that some former users were not properly offboarded, and these are the organizations astute enough to detect it.
How can you properly offboard an employee?
- Implement the Principle of Least Privilege: Successful offboarding begins with proper onboarding. New employees should be granted access only to the files and programs necessary for their roles. Documenting this meticulously will simplify the offboarding process.
- Leverage Automation: Your IT team can use automation to streamline the process of revoking access to multiple software applications simultaneously, saving time and resources while reducing the likelihood of manual errors.
- Implement Continuous Monitoring: Employ software that tracks user activity on the company network. This can help identify suspicious behavior by unauthorized users and determine if a former employee retains access to private accounts.
These are just a few ways your IT team can enhance your offboarding process to make it more efficient and secure.
Insider threats can be devastating, and if you think it can't happen to you, think again. Proactive measures are essential to protect your organization.
To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free, in-depth risk assessment to help you resolve it. Call us at 866-214-8324 or click here to book now.
