The employee offboarding process presents significant data security risks. The Osterman Research study Do Ex-Employees Still Have Access to Your Corporate Data? found that 89% of employees were able to access sensitive corporate applications well after their departure.
Are you concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other proprietary data?
These vulnerabilities need to be addressed as a part of your employee offboarding process. Keep reading for an overview of the cybersecurity risks of improper employee offboarding and to gain access to a white paper with valuable information for keeping data safe from insider threats following a termination.
Employees are in the optimal position to steal and vandalize sensitive corporate data. They have intimate access to it, insider knowledge of the organization’s systems, and a level of trust that could allow them to steal data undetected.
Insider data theft doesn’t exclude management, either; C-Suite employees are just as dangerous. In fact, 72% of CEOs surveyed by Code42 have stated that they’ve taken valuable intellectual property from their former employers.
Without critical security controls in place a disgruntled employee can wreak havoc on corporate data infrastructure. Upon hearing that they were about to be terminated, a network engineer at EnerVest reset the company’s servers to factory default settings and disconnected all of their remote backups. This incident cost the company 30 days in lost productivity, with related costs exceeding $1 million.
63% of employees in a Code42 report have indicated that they brought data from their previous employer to their current employer. Employees that are seeking to transition to a new role may be motivated to use their current employer’s trade secrets to gain an advantage over other applicants.
Departing employees can use stolen intellectual property to gain a competitive advantage over their former employer, such as the two former General Electric employees that stole data on advanced computer models for calibrating turbines alongside related marketing and pricing information. The ex-employees used their former employer’s trade secrets to create a competing company.
Protected classes of data such as regulated data (HIPAA, GDPR, etc) and Personally Identifiable Information (PII) could be breached by an ex-employee. Data security compliance frameworks require robust security controls for ensuring the confidentiality, integrity, and availability of data.
If a disgruntled ex-employee manages to steal this sensitive information their former employer is highly likely to be held accountable for their lack of data security measures.
The 2020 Verizon Data Breach Investigations Report found that 86% of data breaches are motivated by money. Confidential data can be a significant windfall for departing employees thanks to its inherent value for competitors and identity thieves. This data can include payment information, personally identifiable information (PII), and trade secrets.
72% of business decision-makers in the Code42 report believe they are entitled to corporate data that they contributed to. This data includes IP such as source code for developers, renders of creative projects for designers, and contact information of clients for salespeople.
Employees that are being involuntarily terminated from their roles, passed over for a promotion, or denied a desired raise are more likely to steal or sabotage corporate data and related systems as a way of “getting back” at the company.
This isn’t exclusive to involuntary terminations either. Motives for revenge can still be present when an employee voluntarily chooses to resign. Measures for preventing employee data theft must be ongoing and proactive to effectively protect data against insider threats.
Organizations without critical security controls for managing the flow of data risk having sensitive information retained on employee-managed resources such as cloud storage accounts, personal devices, and email accounts.
This retention is not necessarily malicious in nature; departing employees may simply be unaware that the data is even there, or they may be unaware of the risks associated with having that data in their possession.
The possibility of accidental retention further emphasizes the need for an IT employee offboarding process that truly revokes an ex-employee’s access to corporate systems.
Is your employee offboarding process prepared to address the data security risks of a disgruntled ex-employee?
Learn how to keep sensitive corporate data safe during employee offboarding in CurrentWare’s new white paper “How to Keep Data Safe When Offboarding Employees: Insider Threat Management Strategies For IT & HR Professionals”
This white paper contains critical information that IT professionals need to know when deprovisioning a terminated employee.
The employee offboarding process presents significant data security risks. Employees have intimate access to corporate data, insider knowledge of the organization’s systems, and a level of trust that can allow them to steal data undetected. Click here to learn the best practices for protecting sensitive data during a termination.
Concerned about the damage a terminated employee could cause with access to sensitive corporate information, account passwords, and other sensitive data?
Follow this employee offboarding checklist to protect your network following a termination
This free employee offboarding checklist template for IT admins is an interactive PDF complete with digital signature fields, checkboxes, and text boxes for each offboarding item. It includes pre-filled sections with key deprovisioning items as well as ample blank pages that can be customized to fit the unique needs of your organization.
This template can be printed as a standard document or used digitally as an interactive form. For the best experience you should use the free Adobe Acrobat Reader or the latest version of Microsoft Edge as your PDF viewer.
Insider data theft is a pervasive issue that threatens an organization’s reputation, business continuity, and competitive edge. The employee offboarding process presents one of the greatest opportunities for insider threats to steal sensitive information, intellectual property, and other crucial data.
By combining a thoroughly planned offboarding process with advanced monitoring and control over data egress points an organization can protect their sensitive data against insider threats.
Ready to protect your data against insider threats? Gain access to CurrentWare’s FREE white paper “How to Keep Data Safe When Offboarding Employees: Insider Threat Management Strategies For IT & HR Professionals” by clicking the button down below.