Best data security practices when offboarding employees

November 5, 2020 | Bernard Brode

This blog was written by an independent guest blogger.

In times long gone, disgruntled former employees could only do so much damage to your company, and relatively little at all to your data security. In the fast-moving world of the 21st century, however, it’s a different story. Costly data breaches and devastating thefts have been undertaken in recent years by dissatisfied staff members released from their job duties.

In fact, major data breaches caused by angry ex-employees even prompted an FBI report on the matter, with the risks posed by former staff members on an incline which has left CEOs feeling worried, vulnerable, and searching for reliable solutions.

Make no mistake, offboarding employees is currently a situation which presents a considerable data security risk. If you’re wondering what to do when it comes to releasing a staff member who has access to sensitive material, or are concerned that former staff members still have access to your data, you’re far from alone. In this article, we’re going to look at the nature of this major issue, as well as presenting some essential best practices for avoiding the potential catastrophes this situation can create.

Offboarding employees: Where does the data security risk lie?

Most of us are aware of the risks associated with hackers and bad agents from the outside trying to access your data. We’re familiar with best practices for password security, and how to avoid the kind of common pitfalls that come with handling sensitive data on a daily basis. With the rise of pandemic-inspired remote work, a major data exposure risk now comes from improper vetting of outsourced hires. This used to be a smaller problem, but as outsourcing has increased exponentially, so has the potential to suffer a breach from the “outside” inside workforce. 

Dealing with these employees turned threats (or at least potential threats) who still possess passcodes, knowledge, and have recently added the potential motive to do harm is a scenario most companies find themselves relatively unprepared to deal with.

The greatest risk? Quite simply, the loss or theft of the most sensitive corporate data stored in your systems. Dissatisfied or angry ex-employees often have the motivation to steal this kind of data and use it to blackmail your organization or sell it to the highest bidder on the Dark Web. If you think this would never happen in your company, think again. A Cyber-Ark survey found that no less than 88% of IT employees would consider stealing sensitive data if they were fired - which should be a worrying statistic to business owners and managers who care about data security!

All of this makes one thing abundantly clear. An effective, thorough, and formal offboarding process is essential for avoiding this eventuality. Studies have shown that nearly 90% of employees are capable of accessing sensitive data long after they’ve been dismissed. Very few companies currently have an offboarding procedure to tackle this issue.

Let’s take a closer look at the five essential steps for an effective and efficient offboarding strategy, one that significantly decreases your chances of a data security incident.

Create a foolproof checklist for employee offboarding

No matter what process you end up implementing, your offboarding strategy should be carefully planned and meticulously followed. By creating a checklist of steps for offboarding, you ensure that nothing is overlooked or forgotten, and risk can be mitigated accordingly. This requires a fully trained HR department that is aware of these essential steps.

Examples of a comprehensive strategy might include:

  • Conducting exit interviews
  • Revoking access to cloud services, email servers, and all corporate accounts
  • Reminding the employee of the consequences of data theft
  • Disabling Active Directory accounts, and ensuring they are deleted within a short time frame
  • Changing passwords

Keeping concise IT inventories

Inventory keeping is an important best practice for any organization and is especially relevant when it comes to avoiding data security breach risks posed by ex-employees. You’ll need to gather all company assets from the former employee and use your current inventory list (you’ve got one of those, right?) to prevent overlooking anything. At this point, everything matters - USB sticks, key cards, etc.

Keep IT personnel in the loop

Data security breaches commonly result from poor communication between team members. By ensuring that all IT personnel are aware and fully informed of any upcoming terminations, they’ll be able to monitor any suspicious activity or unusual actions leading up to the departure date.

Your HR department should also make sure that accounts are terminated swiftly and passwords are changed immediately after the employee has been informed of their dismissal. This is not the time to worry about hurt feelings or seeming like Darth Vader. Your company’s most valuable asset (data) is at stake. It’s okay to be a little heavy-handed.

Deprovision data and account access immediately

One of the most important stages of employee onboarding is deprovision. You can, of course, do this manually. However, most security-conscious organisations now use management solution programs in order to save time and reduce the likelihood of human error and oversight. Privileges need to be revoked, access needs to be blocked, and former accounts need to be closed or blocked in order to avoid breach or theft surprises.

Keep an eye on computer activities

It goes without saying that the days leading up to a termination are peak moments for data theft, especially if the employee knows that they are on their way out. Your IT department should be informed of the upcoming termination sooner rather than later and instructed to keep a close eye on all computer activities related to the employee. Anomalous, unusual, or suspicious behaviour should be logged and monitored. This includes:

  • Reviewing internet history
  • Tracking application usage
  • Reviewing logon activity, both in-house and remotely, for unknown devices or unusual locations
  • Monitoring all emails sent and received
  • Careful tracking of file transfers, especially to external hardware

By keeping a close eye on these kinds of activities, serious data breaches can be detected before any actual theft has taken place.

Disgruntled employees: A very real threat for data security

Unhappy employees embittered by looming terminations present significant data security threats. It’s becoming less rare of an instance that they resort to data theft in order to exact revenge or hold influence over their former employers. By meticulously managing each step of the offboarding process and leaving nothing to chance, your organization can significantly reduce this threat.

Bernard Brode

About the Author: Bernard Brode

Bernard Brode is a product researcher at Microscopic Machines and eternally curious about where the intersection of AI, cybersecurity, and nanotechnology will eventually take us.

Read more posts from Bernard Brode ›

‹ BACK TO ALL BLOGS

Get the latest security news in your inbox.

Subscribe

RSS

Get price Free trial