This guest post was contributed by Candid Wüest, VP of Global Research at Acronis.
Downsizing. Reorganizing, Evaluating current staffing needs.
Whatever a company calls laying off employees, those let-go employees are likely to call it “unfair.” When people feel they’ve been wronged, they tend to lash out. Retribution could be in the form of divulging company secrets, leaking usernames and passwords to sensitive online accounts, data theft or sabotage. This is known as an insider threat.
On the flip side, insider threats could be completely unintentional. Carelessness with usernames and passwords to still-active accounts is one example of a non-malicious, yet just-as-harmful insider threat.
What these two scenarios have in common is that IT and security teams shouldn’t discount employee turnover and the holes each departure potentially poses to company security. Especially as finance departments everywhere are dousing expenses and, as a result, cutting staff, CISOs and CSOs must enact security protocols amid increasing employee departures.
Limit Data Access at the Start
Zero trust is not a new school of thought, but the insider threats it prevents from recently departed employees may not have always been listed among its benefits. Employees should only have access to documents, online portals, etc. that are crucial to their job functions. This limits the reach of any singular employee, making threat containment easier and faster in the case of phishing, ransomware and insider attacks or breaches.
IT administrators can send email blasts every morning reminding employees to not grant access to company accounts to their colleagues without IT’s knowledge; however, people are still likely to share logins and passwords for convenience’s sake. That’s why IT should make it as seamless as possible – yet still rigorous – for employees to gain access to the portals, clouds and applications they need. Devise a way to centrally control and monitor who has access to what. This way, when an employee departs, their access to everything is completely revoked.
Invest in Data Loss Prevention
Data loss prevention (DLP) detects when a user attempts to share, send or download company information in an unauthorized manner. DLP observes user behavior and flags suspicious activity to IT administrators. Even without the proverbial watercooler in today’s hybrid workforce, an employee usually gets a sense when they’re not long for the company. DLP can head off any attempts to intentionally sabotage the company and share secrets.
The Logistical Side of Offboarding
Before human resources delivers the unfortunate news, IT should already have a head start on deactivating the to-be-laid-off employees’ work accounts and locking them out of company-issued devices and company premises. It sounds harsh, but after employees hear the words “You’ll no longer be working here,” IT should have already rescinded their access to company data.
A major challenge is that IT teams are looped in hours – or even days – after an employee departs. The order of operations should be that IT teams are on the case before an employee departs. Especially for remote employees when the company can’t immediately collect the company-issued device, it’s imperative to brick laptops, tablets and smartphones the former employee used for work purposes.
Security Planning to Limit Insider Threats
Ransomware schemes are one of the most profitable cybercrimes, and no operating system is safe as criminals are expanding their schemes to Linux and Mac.1 Ransomware gangs and independent actors become more dangerous when they have a disgruntled person on the inside providing them access. Payouts offered by ransomware groups are appealing, especially to jilted former employees. Anti-ransomware software goes a long way to protecting your data, but security leaders must supplement these tools with sound security basics like zero trust, DLP and nailing down the technology logistics of employee offboarding.
CSOs and CISOs are overlooking glaring red flags if they’re not considering the threats posed by their newly departed coworkers. Whether malicious or accidental, threats posed from within the company should be just as a priority as cybercriminals attempting to connive their way in. While employee turnover is largely seen as a human resources matter, advocate for your IT and security teams to have a seat at the table.
1Acronis, “Acronis Cyberthreats Report 2022”
###