What are Employee Offboarding Cybersecurity Risks?
Employee offboarding is the process of formally separating an employee from an organization due to retirement, resignation, termination, illness, or death. It encompasses all of the decisions and processes involved in this separation, including transferring the employee’s job responsibilities, deactivating access permissions, deactivating passwords, returning equipment and supplies, conducting exit interviews, and more. Survey research from Beyond Identity has highlighted many of the practices and problems in offboarding, and has noted these key takeaways [1]:
- Nearly one-third of employers have suffered a website hack due to ineffective offboarding.
- Over 25% of employers had their companies’ reputations damaged due to ineffective offboarding.
- 91% of employees still have access to company files after being offboarded earlier in the year.
Their research found that ineffective offboarding after a layoff most commonly resulted in businesses having the backend of their websites hacked (32%), office supplies stolen (30%), data or files lost (29%) or data and files breached (28%), with more than half of these results being associated with cybersecurity. The 91% of employees who reported still having access to company files after being offboarded earlier in the year noted that they still had access to the following:
- Email account (32%)
- Software passwords (31%)
- Company social media accounts (30%)
- Backend of employer’s website (28%)
- Cloud accounts (27%)
- Work-related material (25%)
- Company financial accounts (22%)
- Shared files and documents (22%)
Serious risks associated with ineffective employee offboarding include:
- Data compromise. Former employees who retain access to company data may delete, damage, steal, or share access to that data, intentionally or unintentionally.
- Compliance violations. Data that is accessed and/or manipulated by an employee may lead to penalties for violating regulatory compliance laws such as HIPAA and GDPR.
- Reputation damage. Data loss or a data breach can do significant damage to your organization through broken trust and liability for damages.
The following tips can help to ensure that you minimize the cybersecurity risks associated with ineffective employee offboarding:
- Exit interview checklist. Incorporate offboarding into the exit interview by completing a checklist with the employee that confirms all devices have been returned, access permissions have been revoked, and access to other applications and services has been removed.
- Password management. Change passwords, reset shared passwords, and deactivate licenses before the employee leaves the building on their last day.
- Monitor network activity. Audit network activity to ensure that employees are not downloading excessive amounts of data, which could indicate that they are keeping these files in personal storage.
- Prevent email forwarding. Data exfiltration and data leakage strategies can involve email forwarding.
- Inventory. Keep records of all devices, accounts, permissions, and responsibilities that every employee has, to make offboarding easier and more effective.
- Maintain a positive relationship with the employee. Improve the offboarding process by separating as amicably as possible.
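As an added illustration (not part of the original article or of the Beyond Identity research), the check below combines the inventory, password management, and email forwarding tips: it reconciles HR separation dates against an access inventory and reports what a departed employee can still reach. The record layout, account names, dates, and the example.com domain are constructed sample data and assumptions.

```python
from datetime import date

COMPANY_DOMAIN = "example.com"  # assumption: the organization's mail domain

# Constructed sample data: HR separation records (user -> last day) and the access inventory.
OFFBOARDED = {"jdoe": date(2023, 3, 31), "asmith": date(2023, 4, 14)}
INVENTORY = [
    {"owner": "jdoe", "system": "email", "enabled": True,
     "last_login": date(2023, 4, 20), "forward_to": "jdoe@mail.example.net"},
    {"owner": "jdoe", "system": "website-backend", "enabled": False,
     "last_login": date(2023, 3, 30), "forward_to": None},
    {"owner": "asmith", "system": "cloud", "enabled": True,
     "last_login": date(2023, 4, 10), "forward_to": None},
    {"owner": "bwong", "system": "email", "enabled": True,
     "last_login": date(2023, 5, 2), "forward_to": None},  # current employee
]
# Shared credentials: who knew them and when they were last rotated.
SHARED_SECRETS = [
    {"name": "social-media", "known_by": {"jdoe", "bwong"}, "rotated": date(2023, 2, 1)},
    {"name": "finance-portal", "known_by": {"asmith"}, "rotated": date(2023, 4, 15)},
]

def audit_offboarding(offboarded, inventory, shared_secrets, domain):
    """Return sorted (user, item, issue) findings for departed employees."""
    findings = []
    for acct in inventory:
        last_day = offboarded.get(acct["owner"])
        if last_day is None:
            continue  # still employed, out of scope for this audit
        if acct["enabled"]:
            findings.append((acct["owner"], acct["system"], "account still enabled"))
        if acct["last_login"] and acct["last_login"] > last_day:
            findings.append((acct["owner"], acct["system"], "login after last day"))
        fwd = acct["forward_to"]
        if fwd and not fwd.lower().endswith("@" + domain):
            findings.append((acct["owner"], acct["system"], "forwards mail externally"))
    for secret in shared_secrets:
        for user in secret["known_by"] & set(offboarded):
            # A rotation on or after the last day counts as done.
            if secret["rotated"] < offboarded[user]:
                findings.append((user, secret["name"], "shared password not rotated"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_offboarding(OFFBOARDED, INVENTORY, SHARED_SECRETS, COMPANY_DOMAIN):
        print(*finding, sep=" | ")
```

An empty result means every inventoried account and shared password has been closed out for the listed departures; anything missing from the inventory is invisible to the check.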
[1] Beyond Identity, 2023, “Cybersecurity Risks of Improper Offboarding After Layoffs”