Why data security should be a key element of your company offboarding exercise

Summary

• Safeguard sensitive information from offboarding employees who might abuse their access.
• Discover who has access to the departing employee’s shared data.
• Identify preventative measures to avoid data breaches.
• Create an offboarding checklist that includes the technical departure of your employee.
• Deploy discovery tools that automatically classify data based on its sensitivity and understand their functional and deployment requirements that meet your needs.
• Don’t underestimate the importance of including a data security process  in your company Offboarding Checklist.

Information Technology & Security must be part of the offboarding process

A data breach caused by a former employee, whether intentionally or accidentally, can cause millions of dollars in remediation and the loss of your customers’ trust. These unintentional or malicious attacks can take up to 200 days to be detected and even more time for a company to repair the damage caused by the business data loss. The Netwrix 2018 IT Risks Report found that between 40% to 50% of “threat actors” responsible for damage, intellectual property theft, security breaches, and data loss are regular business users. That makes your departing employee more dangerous than any hacker. According to a survey conducted by OneLogin, 20% of the organizations surveyed have experienced data breaches by former employees and over 50% of Ex-Employees Still Have Access to Corporate Applications.

In the past, voluntary departures or forced terminations largely were handled by an employee’s direct manager and the HR department. Today, however, it is important also for business owners to  account for the technical offboarding of employees and safeguard sensitive information from those who might abuse their level of corporate network access . It is important for IT and HR departments to align offboarding processes and policies negating the risks of potential malicious behaviors post-termination. For example, while it is commonplace for employees to receive an overview from HR of their lapsing financial and medical benefits, revoking access to internal and external systems is often an afterthought by IT.

Does anyone know which cloud-based data is accessible by the departing employee, or how that data is shared? Some questions to ask:

• Does the employee have access to our financial information from outside of his company account?
• Did the employee share documents to personal email or external accounts?
• Did the employee download an unusually large amount of files?

Precautionary measures to avoid data breaches

Your offboarding process starts when you onboard the new employee. To make the offboarding process as easy, seamless and secure as possible there are some precautionary steps you can take:

• Policies about forwarding information. Educate your employees on a regular basis about the rules for proper sharing and forwarding of data that may contain sensitive information.
• Set up a least privilege model. Allow employees access only to accounts that are essential to perform their work.
• Offboarding Plan - Develop a cohesive offboarding model. Make IT’s job easier by having a structured and automated approach to offboarding.
• Protect sensitive data. Develop and enforce policies that prevent sensitive information from being shared during offboarding.
• Create detailed audit logs. Security certifications often require releasing audit logs after an employee leaves an organization.
• Strictly enforce company security policies. Ensure that employees are not creating any backdoors or using non-sanctioned software to store and or share files via personal dropbox or email accounts.
• Put proper data security tools in place. Make sure IT has the tools necessary to have full visibility and control over your cloud-based collaboration tools. IT must have full visibility into and full control over all documents and data on your cloud-based collaboration software, with a granular level of detail about how these documents are shared and accessible.

Functional and deployment requirements for data discovery tools

Here is an overview of the functional and deployment requirements recommended for tools that automatically classify data based on its sensitivity.

Functional Requirements:

• Alert on sensitive data being exposed externally or publicly through links.
• Behavioral Analysis to detect Anomalous file downloads.
• Detection of personal accounts used to send sensitive documents.
• Policy actions such as ‘remove public shares of sensitive data’ or ‘restrict to view-only’.
• Single-click access removal for departing employees.

Deployment Requirements:

• API controls for cloud apps.
• Agent-less integration for all devices - guarantee coverage from all methods of data access.
• No inline networking devices to deploy - guarantee coverage inside or outside of the office.
• No maintenance-heavy software to deploy - IT is already burdened with endpoint software management, avoid adding to this challenge.

Your offboarding checklist

Every time an employee leaves the company there must be a process with a checklist to complete. Not only are you accountable for managing the employee exit with their team, supervisor, and subordinates, but you must also consider an incredible amount of data security. Considering cloud sharing and data security, we recommend  these extra steps for you to consider adding to your offboarding checklist:

All departments and managers should work closely with IT and security as part of the offboarding process. It’s not enough to simply change an employee’s email and workstation passwords. That starts with having full visibility into how data on your cloud-based collaboration tools is shared is probably one of the most important functions during offboarding. Disabling accounts, resetting passwords, wiping data from personal devices are meaningless if sensitive information in google drive is shared publicly and no one in the company can see that or control that.

Benefits of including data security in your offboarding checklists

Minimize Error and Oversight

Overlooking crucial steps during the offboarding process can lead to unintentional exposure or data leakage. Including data security in your offboarding checklists can help IT professionals keep track of offboarding requirements like critical user accounts, data access privileges and transfer of company assets.

Mitigate Legal Risks

Not having a comprehensive data security offboarding process can expose your company to potential litigation. Incomplete audit trails, administrative errors and compliance violations all can result in legal consequences. Even employees who initially leave on good terms could be disgruntled in the future. Having a structured offboarding process with the use of checklists can remind your IT and HR teams to follow the correct legal steps when offboarding departing employees.

Manage IT Security Risks

Failure to retrieve company equipment and switch off data access for departing employees can pose serious risks of data breach for an organization. HR teams should consult IT departments to determine what equipment and access should be retrieved. Checklists can also be helpful when asking employees to declare that all access has been returned.

Why is this all so important?

Consider these examples:

• The former network administrator for the city of San Francisco held the city’s systems hostage by refusing to give up the passwords. Why? He felt his supervisors were incompetent.
• A former network engineer for oil and gas company EnerVest found out he was going to be fired and sabotaged the company’s systems by returning them to original factory settings.
• A hospital worker stole forms containing patient information and is thought to have filed fraudulent income tax returns.

So, not only do you have to change shared passwords, recover company devices, wipe company data from personal devices, disable their social media accounts, disable privileged user access, you also must maintain full visibility and control over your cloud-based corporate data, especially during offboarding.