The Importance of Effective Offboarding
A recent article from Information Week reports that “75% of insider threat cases involved a disgruntled ex-employee who left with company data, destroyed company data, or accessed company networks after their departure.”
This demonstrates that offboarding isn’t just an HR matter: it can be critical to your organization’s data security and operations.
The article also highlights what’s on the horizon. Two key takeaways stood out to us. The first is the fact that the window of time to patch high-profile vulnerabilities before exploitation is shrinking. The second is a potential increase in cybercrime: They outline some key reasons why cybercrime may begin to rise, including the availability of attack frameworks and hacking as a service leading to an increase in unskilled threat actors; an increase in politically-motivated attacks; as well as the potential of more individuals turning to cybercrime due to declining economic conditions.
With this in mind, we’ve rounded up some key articles on this topic from around the web. These sources highlight what businesses should consider when it comes to the security of their offboarding process. You can click the links for the full story, or get the overview in this brief from our team!
TechTarget: “6 Best Practices for Ensuring Offboarding Cybersecurity”
This article highlights the important concrete steps that are essential to offboarding, including:
- collecting company property
- disabling user accounts promptly
- when applicable, notifying partners or clients when team members are no longer with the organization or when there is a transition.
Additionally, TechTarget highlights that, even when it comes to the vast majority of workers who are trustworthy, it’s important that good security practices start early, by ensuring team members are well-educated in the importance of cyber security from the beginning, to ensure that there are no inadvertent mistakes which can compromise data or security. Best practices can include using a password manager, and ensuring that work is done throughout team accounts rather than personal ones.
CSO Online: “Top Risks and Best Practices For Securely Offboarding Employees”
Like TechTarget, the CSO article highlights the risk of deliberate and accidental data theft, the risk of disgruntled team members becoming malicious insiders, and the risk of not offboarding team members promptly.
The CSO Online article also emphasizes the additional risk of shadow IT and SaaS usage. They note that, “This is magnified for cloud and SaaS systems/applications that don’t require specific network access or physical presence in an office, with IT teams often unaware of the extent of employees’ SaaS usage,” elaborating that, “Without being part of an IAM architecture and or zero trust approach to access management, these cloud systems will inevitably lead to access beyond the termination of employment.”
They highlight that the best way to ensure a smooth offboarding is to:
• Have a strong onboarding process
• Engaging in proactive interdepartmental collaboration
• Ensure clear visibility of SaaS usage and permissions
• Monitor for unusual or risky behaviour from outgoing staff
• Secure corporate assets, devices, credentials
• Handle the leaving process with transparency
Examining whether your business follows these best practices, and determining on a gameplan if improvement is necessary can help make offboarding strategies more secure and resilient.
Learn More
Does your offboarding process adhere to cybersecurity best practices? Want to learn more about this topic? Get in touch with our team through the contact button, or follow us on LinkedIn for more key news and topic recaps.
