All Resources

Why data security should be a key element of your company offboarding exercise

Blog | Altitude Networks, May 5th, 2020

Summary

Information Technology & Security must be part of the offboarding process

A data breach caused by a former employee, whether intentionally or accidentally, can cause millions of dollars in remediation and the loss of your customers’ trust. These unintentional or malicious attacks can take up to 200 days to be detected and even more time for a company to repair the damage caused by the business data loss. The Netwrix 2018 IT Risks Report found that between 40% to 50% of “threat actors” responsible for damage, intellectual property theft, security breaches, and data loss are regular business users. That makes your departing employee more dangerous than any hacker. According to a survey conducted by OneLogin, 20% of the organizations surveyed have experienced data breaches by former employees and over 50% of Ex-Employees Still Have Access to Corporate Applications.

In the past, voluntary departures or forced terminations largely were handled by an employee’s direct manager and the HR department. Today, however, it is important also for business owners to  account for the technical offboarding of employees and safeguard sensitive information from those who might abuse their level of corporate network access . It is important for IT and HR departments to align offboarding processes and policies negating the risks of potential malicious behaviors post-termination. For example, while it is commonplace for employees to receive an overview from HR of their lapsing financial and medical benefits, revoking access to internal and external systems is often an afterthought by IT.

Does anyone know which cloud-based data is accessible by the departing employee, or how that data is shared? Some questions to ask:

Precautionary measures to avoid data breaches

Your offboarding process starts when you onboard the new employee. To make the offboarding process as easy, seamless and secure as possible there are some precautionary steps you can take:

Functional and deployment requirements for data discovery tools

Here is an overview of the functional and deployment requirements recommended for tools that automatically classify data based on its sensitivity.

Functional Requirements:

Deployment Requirements:

Your offboarding checklist

Every time an employee leaves the company there must be a process with a checklist to complete. Not only are you accountable for managing the employee exit with their team, supervisor, and subordinates, but you must also consider an incredible amount of data security. Considering cloud sharing and data security, we recommend  these extra steps for you to consider adding to your offboarding checklist:

Suggestions of steps to add to your offboarding checklist

All departments and managers should work closely with IT and security as part of the offboarding process. It’s not enough to simply change an employee’s email and workstation passwords. That starts with having full visibility into how data on your cloud-based collaboration tools is shared is probably one of the most important functions during offboarding. Disabling accounts, resetting passwords, wiping data from personal devices are meaningless if sensitive information in google drive is shared publicly and no one in the company can see that or control that.

Benefits of including data security in your offboarding checklists


Minimize Error and Oversight

Overlooking crucial steps during the offboarding process can lead to unintentional exposure or data leakage. Including data security in your offboarding checklists can help IT professionals keep track of offboarding requirements like critical user accounts, data access privileges and transfer of company assets.

Mitigate Legal Risks

Not having a comprehensive data security offboarding process can expose your company to potential litigation. Incomplete audit trails, administrative errors and compliance violations all can result in legal consequences. Even employees who initially leave on good terms could be disgruntled in the future. Having a structured offboarding process with the use of checklists can remind your IT and HR teams to follow the correct legal steps when offboarding departing employees.

Manage IT Security Risks

Failure to retrieve company equipment and switch off data access for departing employees can pose serious risks of data breach for an organization. HR teams should consult IT departments to determine what equipment and access should be retrieved. Checklists can also be helpful when asking employees to declare that all access has been returned.

Why is this all so important?

Consider these examples:

So, not only do you have to change shared passwords, recover company devices, wipe company data from personal devices, disable their social media accounts, disable privileged user access, you also must maintain full visibility and control over your cloud-based corporate data, especially during offboarding.

Ready to get your Cloud Security in Check?

Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.

We'll be in touch!
OR

Ready to get your Cloud Security in Check?

Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.

We'll be in touch!
OR