Employee offboarding: why companies must close a crucial gap in their security strategy
There are various ways a departing employee could put your organisation at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?
Phil Muncaster
The COVID-19 pandemic has created the perfect conditions for insider risk. Financial crises have in the past led to a spike in fraud and nefarious activity, and it’s reasonable to assume that the wave of job losses and uncertainty that emerged in early 2020 did the same. At the same time, companies have never been more exposed, through extensive supply chains and partnerships, and their remote working and cloud infrastructure – much of which was built up in response to the pandemic.
The bottom line is that, by design or accident, employees on their way out of the door may end up causing significant financial and reputational damage if the risks are not properly mitigated. The cost of insider-related incidents spiked 31 percent between 2018 and 2020 to reach nearly US$11.5 million. That makes effective offboarding processes an essential part of any security strategy – yet one that’s too often overlooked.
Can (departing) employees be trusted?
The corporate attack surface is often viewed through a lens of external threat actors. But it can also be abused by internal employees. Cloud-based applications, data stores and other corporate networked resources can be accessed today in many organizations from virtually any device, anywhere. This has become essential to supporting productivity during the pandemic, but it can also make it easier for employees to circumvent policies unless the right controls are in place. Unfortunately, research suggests that many (43 percent) organizations don’t even have a policy that forbids staff taking work data with them when they leave. Even more concerning, in the UK, only 47 percent revoke building access as part of offboarding and just 62 percent reclaim corporate devices.
Additionally, separate data finds that nearly half (45 percent) download, save, send or exfiltrate work-related documents before leaving employment. This happens most frequently in the tech, financial services and business, consulting and management sectors.
Why does it matter?
Whether they take data with them to impress a new employer, or steal or delete it as the result of a grudge, the potential impact on the organization is severe. A serious data breach could lead to:
· Investigation, remediation and clean-up costs
· Legal costs stemming from class action lawsuits
· Regulatory fines
· Brand and reputational damage
· Lost competitive advantage
In one recent case, a credit union employee pleaded guilty to destroying 21GB of confidential data after she was fired. Despite a colleague requesting that IT disable her network access during offboarding, it was not done in time and the individual was able to use her username and password to access the file server remotely for around 40 minutes. It cost the credit union US$10,000 to fix the unauthorized intrusion and deletion of documents.
How to create more secure offboarding
Many of these threats could have been better managed if the organizations involved had put in place more effective offboarding processes. Contrary to what you might think, these should begin well before an employee signals their intent to resign, or before they are fired. Here are a few tips:
Clearly communicate policy: An estimated 72 percent of office workers apparently think the data they create at work belongs to them. This could be anything from client lists to engineering designs. Helping them understand the limits of their ownership of IP, with clearly communicated and formally written policy, could prevent a great deal of pain down the line. This should be part of any onboarding process as standard, along with clear warnings about what will happen if staff break policy.
Put continuous monitoring in place: If an unscrupulous employee is going to steal information prior to leaving your company, they’re likely to begin doing so well before they notify HR of their job move. That means organizations must put in place monitoring technologies that continuously record and flag suspicious activity – whilst of course observing local privacy laws and any employee ethical concerns.
Have a policy and process ready and waiting: The best way to ensure seamless and effective offboarding of every employee is to design a clear process and workflow ahead of time. Yet while nearly all organizations have an onboarding process, many forget to do the same for departing staff. Consider including the following:
· Revoke access and reset passwords for all apps and services
· Revoke building access
· Exit interview to check for suspicious behavior
· Final review of monitoring/logging tools for evidence of unusual activity
· Escalate to HR/legal if suspicious activity is detected
· Reclaim any physical corporate devices
· Prevent email forwarding and file sharing
· Reassign licenses to other users
As organizations gear up to face the post-pandemic world, competition for customers will be fiercer than ever. They can little afford valuable IP walking out of the door with departing employees, or the financial and reputational damage that could result from a serious security breach. Offboarding is one small piece of the security puzzle. But it’s a critically important one.