Insider cyberthreats are always an issue during layoffs — but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
Business disruption and the financial toll brought on by the COVID-19 has forced many companies, large and small, to let go of staff. In fact, more than 40 million Americans have filed for unemployment in the past 10 weeks, with cuts hitting major companies including Boeing, IBM, and United Airlines.
How can security managers ensure data doesn’t walk out the door with a departing employee? Here are 10 recommendations to keep the layoff process secure.
Update Planning for Remote Employees
With so many people working from home amid the pandemic, many terminations will affect employees who are not physically in an office. Handling their access control and other unique requirements may be new territory for some security managers.
“Unless controls were updated during the first phase of work-from-home, it’s likely that the process governing employee separations wasn’t changed to address how laptops, door badges, mobile phones, and any data on USB drives might be handled when there is no IT department to return corporate assets to.
Ensure Communication Is Clear
The messaging regarding terminations that take place virtually will also need to be tailored to consider distance. Clearly communicate to remote laid-off workers your expectations about stopping the use of company devices.
“They should be made aware that upon the conclusion of their employment that no company data should be accessed via any device. The risks associated with this scenario should be minimal when utilizing a good ‘run sheet’ and where data is stored in company-controlled locations.”
Put an IP Security Clause in Employment Contracts
It may go without saying, but any solid security strategy means you have implemented data security practices before any staff trims begin.
“Many employment contracts should have a strict IP clause and include specific language regarding the treatment of confidential data while working for and upon leaving your company.”
Conduct Regular IP Compliance Training
In addition to ensuring that language is included in contracts before employees even start their job, good data security practice also means regular compliance training for all employees on handling sensitive data and a well-maintained inventory of all equipment and devices issued during the employee’s tenure.
“All of these aspects should be reviewed in the exit interview along with any social media accounts which need to be switched over to the people manager, who should confirm all privileges are turned off quickly after offboarding.”
Assemble Your Team of Stakeholders
Security managers need to be at the table at the outset of any plans for termination. Human resources and legal will obviously be involved, too.
“It is imperative that HR ensures business leaders are connecting with their team and fostering strong personal relationships. Communication between teams needs to be clear on what the impact of an employee’s departure will have on stakeholders, processes, and systems.”
Assign an Independent Assurance Manager
In addition to HR, a cross-functional project team with representation from business and technology needs to support the security team to successfully manage risk.
“Appointing an independent assurance manager within the project team is a critical role. This person is on point to complete checklists and sign off that actions are completed.”
Choose Your Decommissioning Path Wisely
While security executives are on the same page about the importance of locking down a laid-off employee’s network access, their approach regarding how it should be handled differs.
“Don’t rush to cut access or push people out without the ability to collect personal files. If you all of a sudden start treating your employees poorly, you should prepare for damage to be done to your company.”
But others were of the opinion that terminated employees should be immediately locked out of systems to prevent retaliatory behavior.
“When it comes to offboarding and protecting corporate IP, timing is everything. The termination process should be orchestrated to eliminate opportunities for staff to steal or destroy data. Corporate access should be disabled at the exact time that the employee is informed of the termination.”
For high-risk staff, proactively enabling additional monitoring via solutions like user and entity behavior analytics (UEBA) could alert to any suspicious activity before the employee’s actual termination date.
Get Promises in Writing On the Way Out, Too
While people are only as good as their word, and may not live up to it, it’s still important to have documentation of security expectations when they are heading out the door, even if that was part of the initial employment contract.
“Security managers should work with HR to ensure that employees sign a statement during offboarding that reminds them of their confidentiality obligations and that attests that they are not taking any confidential information with them, including on their personal devices.”
Keep Surrendered Equipment Intact
It is also recommended that organizations not be too quick to reformat or recycle laid-off workers’ equipment.
“If the employee is leaving for a competitor, the organization may want to retain the employee’s equipment for forensic analysis in case evidence emerges suggesting that the employee may have left with confidential information.”
Look After a Security Team That Might Be Burning Out
While layoffs are difficult for those who are losing their jobs, it is also hard on those left behind. Keep an eye on your security team and ensure they have the support they need during trying times.
“In any layoff situation, security needs to have the bandwidth to look at more alerts, dig into more data, and address more risks in a very compressed time frame. Ensure your team is supported to do this work with the right backups and support in place.”
Right in your email inbox
Useful data from iRangers Experts
Subscribe to our mailing list and get interesting updates and tips.
Thank you for subscribing.
Something went wrong.