The massive wave of layoffs in 2024 has created a serious cybersecurity threat that many business owners are overlooking – offboarding employees. Even big companies with top-of-the-line cybersecurity systems are failing to adequately protect themselves from insider threats. The risk of data breaches and theft of intellectual property increases when former employees retain access to confidential information and files. In August 2023, two disgruntled Tesla employees exposed the personal information – including names, addresses, phone numbers, and even Social Security numbers – of over 75,000 people, including employees after being let go.
This threat is expected to worsen as 298 US-based tech companies have laid off 84,600 workers and counting. This includes major layoffs at big companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, around 257,254 jobs were eliminated in the first quarter of 2024 alone.
Whether downsizing or not, having a proper offboarding process in place is critical for every business. Failing to revoke access for former employees can lead to serious business and legal implications later.
Some of those issues include:
Theft Of Intellectual Property – Employees can sneak away with YOUR company’s files, client data and confidential information stored on personal devices, as well as retain access to cloud-based applications like social media sites and file-sharing sites (Dropbox or OneDrive, for example) that your IT department doesn’t know about or forgets to change the password to.
A study by Osterman Research revealed that 69% of businesses experience data loss due to employee turnover, and a staggering 87% of employees who depart take sensitive data with them. Most often, the information you worked hard to gather is sold to competitors, used by them when they’re hired by the competition, or used by the former employee to BECOME a competitor.
Compliance Violations – Failure to revoke access privileges and remove former employees from authorized user lists can register you as noncompliant in heavily regulated industries. This simple mistake can result in large fines, hefty penalties, and, in some cases, legal consequences.
They DELETE Everything – If an employee feels unfairly laid-off and retains access to their accounts, they could easily delete ALL of their e-mails and any critical files they can get their hands on. If that data isn’t backed up, you will lose it ALL.
And for those thinking, “I’ll sue them!” Rightfully so, but even if you do sue them and win, the hard reality is that the legal costs, time wasted on the lawsuit and recovering the data, plus the aggravation and distraction of dealing with it all, are greater costs than what you might get awarded if you win the lawsuit and might collect in damages.
Data Breach – This could be the most terrifying of all. Unhappy employees who feel they have been wronged can make you the star of the next devastating data breach headline and incur a costly lawsuit to go with it. It could be as simple as making one click and downloading, exposing, or modifying your clients’ or employees’ private information, financial records, or even trade secrets.
Do you have an airtight offboarding process to curb these risks? Chances are, you don’t. A 2024 study by Wing revealed that one out of five organizations has indications that some of their former users were not properly offboarded, and those are the people who were astute enough to detect it.
How DO you properly offboard an employee?
Implement The Principle Of Least Privilege – Successful offboarding starts with proper onboarding. New employees should ONLY be given access to the files and programs they need to do their jobs. This should be meticulously documented to make offboarding easier.
Leverage Automation – Your IT team can help use automation to streamline revoking access to multiple software applications simultaneously, saving time and resources while reducing the likelihood of manual errors.
Implement Continuous Monitoring – You can implement software that tracks who is doing what and where on the company network. This can help you identify suspicious behavior by an unauthorized user and help you determine if a former employee retains access to private accounts.
These are only a few ways your IT team can help improve your offboarding process to make it more efficient and secure.
Insider threats are a significant risk to businesses, and it is crucial to protect against them. Regardless of how secure you may believe your organization is, taking proactive measures to protect it is essential. Our team can provide a free, in-depth risk assessment to identify any gaps in your offboarding process that may expose you to data theft or breaches. Contact us at 847-906-5005 or click here to book now.