This year’s wave of layoffs has brought an often-overlooked cybersecurity threat to the forefront – offboarding employees. Even large companies with sophisticated cybersecurity systems and procedures can fall victim to insider threats. Just last August, two disgruntled Tesla employees who were let go exposed the personal information of over 75,000 people, including employees. They revealed names, addresses, phone numbers, and even Social Security numbers.
And the problem isn’t going away. According to NerdWallet, as of May 24, 2024, 298 US-based tech companies laid off 84,600 workers and counting. This includes major layoffs at companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, around 257,254 jobs were eliminated in the first quarter of 2024 alone.
Whether or not you’ll need to downsize your team this year, having a proper offboarding process in place is crucial for every business, big or small. It’s more than a routine administrative task – it’s a critical security precaution. If you fail to revoke access for former employees, you could face serious business and legal implications.
Here are some issues you might face:
Employees can walk away with your company’s files, client data, and confidential information stored on personal devices. They might also retain access to cloud-based applications like social media sites and file-sharing services (like Dropbox or OneDrive) that your IT department doesn’t know about or forgets to change the password to.
A study by Osterman Research revealed that 69% of businesses experience data loss due to employee turnover, and 87% of employees who leave take data with them. Most often, the information you worked hard to gather is sold to competitors, used by them when they’re hired by the competition, or used by the former employee to become a competitor. Any way you cut it, it’s a loss for you.
Failing to revoke access privileges and remove employees from authorized user lists can register you as noncompliant in heavily regulated industries. This simple mistake can result in large fines, hefty penalties, and, in some cases, legal consequences.
If an employee feels unfairly laid off and retains access to their accounts, they could easily delete all their emails and any critical files they can get their hands on. If that data isn’t backed up, you will lose it all.
And if you’re thinking, “I’ll sue them!” – that’s an option, but even if you win, the legal costs, time wasted on the lawsuit, the effort of recovering the data, plus the aggravation and distraction of dealing with it all, are greater than what you might get awarded.
This could be the most terrifying of all. Unhappy employees who feel they have been wronged can make you the star of the next devastating data breach headline and incur a costly lawsuit to go with it. It could be as simple as making one click and downloading, exposing, or modifying your clients’ or employees’ private information, financial records, or even trade secrets.
Do you have an airtight offboarding process to curb these risks? Chances are, you don’t. A 2024 study by Wing revealed that one out of five organizations have indications that some of their former users were not properly offboarded, and those are the people who were astute enough to detect it.
How DO you properly offboard an employee?
These are just a few ways your IT team can help improve your offboarding process to make it more efficient and secure.
Insider threats can be serious, and it’s important to recognize that they can happen to anyone. Taking proactive steps to protect your organization is essential.
To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free, in-depth risk assessment for qualified companies to help you resolve it. Call us at 505-792-2375 or click here to book a 10-minute phone call consultation.
