Massive Layoffs In 2024 Create A Serious Threat To Your Cybersecurity

The massive wave of layoffs in 2024 has introduced a significant cybersecurity threat that many business owners are overlooking: the offboarding of employees. Even prominent brands, which you would expect to have state-of-the-art cybersecurity measures, often fail to protect themselves adequately from insider threats. This August marks one year since two disgruntled Tesla employees, after being terminated, exposed the personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.

The situation is expected to worsen. According to NerdWallet, as of May 24, 2024, 298 US-based tech companies have laid off 84,600 workers, and the number is still rising. This includes significant layoffs at major companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, approximately 257,254 jobs were cut in the first quarter of 2024 alone.

Regardless of whether you anticipate downsizing your team this year, implementing a robust offboarding process is crucial for every business, large or small. It's not just a routine administrative task; it's a vital security measure. Failing to revoke access for former employees can lead to serious business and legal repercussions.

Some of these issues include:

● Theft of Intellectual Property: Former employees can abscond with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications like social media sites and file-sharing services (e.g., Dropbox or OneDrive) that your IT department may overlook or forget to update passwords for. A study by Osterman Research found that 69% of businesses experience data loss due to employee turnover, and 87% of departing employees take data with them. Often, this valuable information is sold to competitors, used by the competition, or leveraged by the former employee to establish a competing business.

● Compliance Violations: Neglecting to revoke access privileges and remove employees from authorized user lists can result in noncompliance in heavily regulated industries. This oversight can lead to substantial fines, severe penalties, and, in some cases, legal consequences.

● Data Deletion: If an employee feels unjustly laid off and retains access to their accounts, they could easily delete all their emails and any critical files they can access. Without proper backups, this data could be lost permanently. While you might consider legal action, the reality is that the costs—legal fees, time spent on the lawsuit, data recovery efforts, and the overall hassle—often outweigh any potential damages you might recover.

● Data Breach: This might be the most alarming risk of all. Disgruntled employees who feel wronged could make your company the subject of the next major data breach headline, leading to costly lawsuits. With a single click, they could download, expose, or modify your clients' or employees' private information, financial records, or trade secrets.

Do you have an airtight offboarding process to mitigate these risks? Chances are, you don't. A 2024 study by Wing revealed that one in five organizations has evidence that some former users were not properly offboarded. And these are just the organizations that were diligent enough to detect the issue.

Schedule a Discovery Call


How should you properly offboard a client?

● Apply the Principle of Least Privilege - Effective offboarding begins with strategic onboarding. Grant new employees access only to the files and programs essential for their roles. Document these access levels meticulously to facilitate a smoother offboarding process.

● Utilize Automation - Your IT team can employ automation to efficiently revoke access to multiple software applications simultaneously. This approach saves time, conserves resources, and minimizes the risk of manual errors.

● Implement Continuous Monitoring - Deploy software that monitors user activity across the company network. This can help detect suspicious behavior from unauthorized users and determine if a former employee still has access to sensitive accounts.

These are just a few strategies your IT team can use to enhance your offboarding process, making it more efficient and secure.

Insider threats can be catastrophic, and assuming it won't happen to you is a risky mindset. Proactively protect your organization.

To find out if any gaps in your offboarding process expose you to theft or a data breach, our team will do a free, in-depth risk assessment to help you resolve it. Call us at 802-331-1900 or click here to book now.