The significant wave of layoffs in 2024 has introduced a cybersecurity threat that many business owners are overlooking: the offboarding process for employees. Even well-known brands, which you'd expect to have top-tier cybersecurity measures, often fail to protect themselves adequately from insider threats. This August marks a year since two disgruntled Tesla employees, after being terminated, exposed the personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.
Unfortunately, the situation is expected to worsen. According to NerdWallet, as of May 24, 2024, 298 U.S.-based tech companies have laid off 84,600 workers, with numbers still climbing. This includes significant layoffs at major companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, around 257,254 jobs were cut in the first quarter of 2024 alone.
Regardless of whether you need to downsize your team this year, having a robust offboarding process is essential for every business, big or small. It's more than a routine administrative task—it's a critical security measure. Failing to revoke access for former employees can lead to severe business and legal consequences.
Some of these issues include:
● Theft of Intellectual Property: Employees can abscond with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications like social media sites and file-sharing services (e.g., Dropbox or OneDrive) that your IT department may overlook or forget to update passwords for. A study by Osterman Research found that 69% of businesses experience data loss due to employee turnover, and 87% of departing employees take data with them. This information is often sold to competitors, used by competitors when they hire the former employee, or used by the former employee to become a competitor. In any scenario, it harms your business.
● Compliance Violations: Failing to revoke access privileges and remove employees from authorized user lists can result in noncompliance in heavily regulated industries. This seemingly minor oversight can lead to substantial fines, severe penalties, and even legal repercussions.
● Data Deletion: If an employee feels they were unfairly laid off and retains access to their accounts, they could easily delete all their emails and any critical files they can access. Without proper backups, this data loss can be catastrophic.
And for those thinking, "I'll sue them!"—even if you win, the legal costs, time wasted on the lawsuit, efforts to recover the data, and the aggravation and distraction of the entire process often outweigh any potential damages you might be awarded.
● Data Breach: This is perhaps the most alarming threat. Disgruntled employees who feel wronged can make you the subject of the next major data breach headline, leading to costly lawsuits. With a single click, they could download, expose, or modify your clients' or employees' private information, financial records, or trade secrets.
Do you have an airtight offboarding process to mitigate these risks? Chances are, you don't. A 2024 study by Wing revealed that one out of five organizations has evidence that some former users were not properly offboarded. And these are only the organizations savvy enough to detect it.
