Ex-Employees and IT Security: An Offboarding Checklist to Protect Your Business

Ex Employees and IT Security

Maintaining security during an employee’s departure, whether voluntary or as a result of termination, depends heavily on the offboarding procedure. Significant dangers, including as data breaches, intellectual property theft, and other harmful acts, might result from inadequate offboarding. This blog article will examine the risks that former employees may pose, the extent of the issue, actual instances of security breaches, the legal obligations of businesses, and it will offer a thorough process and check list to guarantee the safety of your company. Many companies will send leaver requests to their IT provider to process for them.

Understanding the Threats Posed by Ex-Employees

Over the past ten years, the danger landscape for enterprises has changed significantly, with insider threats becoming a growing source of worry. Because they frequently possess a thorough understanding of a company’s systems, procedures, and data, former workers represent a special kind of insider threat. Among the biggest risks that former workers present are:

  1. Data Theft: Ex-employees might take sensitive data with them, either deliberately or unintentionally. This could include customer information, financial records, trade secrets, or proprietary intellectual property. In some cases, they may use this data to benefit a new employer, start their own venture, or sell it to competitors.
  2. Sabotage: Disgruntled ex-employees may engage in acts of sabotage. This can range from deleting critical files to introducing malware into the company’s systems. In extreme cases, they might seek to disrupt business operations entirely.
  3. Laptop SecurityUnauthorized Access: If an ex-employee’s access to company systems is not promptly revoked, they could continue to access sensitive data and systems. This could lead to data breaches, theft, or other malicious activities.
  4. Social Engineering: Former employees can exploit their insider knowledge to deceive current employees into providing them with access to systems or sensitive information. This type of threat can be particularly challenging to detect and prevent.
  5. Reputation Damage: Ex-employees with access to sensitive information might leak confidential data to the public or the media, causing significant damage to a company’s reputation and customer trust.

How Big Is the Problem?

The risk posed by former employees is real and is becoming more so. It is not hypothetical. Several publications and research have brought attention to the frequency and seriousness of security incidents involving former employees:

  • Ponemon Institute’s 2020 Cost of Insider Threats Report: This report found that insider threats, which include threats from ex-employees, have increased by 47% over the past two years. The average cost of an insider-related incident has risen to over $11 million.
  • Code42’s 2021 Data Exposure Report: According to this report, 63% of employees admitted to taking data with them when they left a job. Furthermore, 87% of business leaders acknowledged that this practice is a growing concern for their organizations.
  • Gartner’s 2022 Security and Risk Management Report: Gartner identified insider threats as one of the top five security concerns for organizations globally. This includes risks from both current and former employees.

The statistics underscore the importance of having a robust offboarding process in place. Failure to properly manage the departure of employees can leave organizations vulnerable to a range of security threats that can have long-lasting consequences.

Real-World Examples of Security Breaches Involving Ex-Employees

The following examples illustrate how ex-employees can exploit their access to cause significant harm to their former employers:

  1. SunTrust Banks (2018): A former employee of SunTrust Banks stole personal data from 1.5 million clients and attempted to share it with a criminal third party. This breach exposed the vulnerabilities in SunTrust’s offboarding process, where the employee retained access to sensitive information even after their departure.
  2. Marriott International (2019): Marriott experienced a massive data breach when the credentials of a former employee were used to access the personal information of 5.2 million guests. This breach highlighted the importance of promptly revoking access to sensitive systems once an employee leaves the company.
  3. Tesla (2020): A disgruntled ex-employee at Tesla was accused of sabotaging the company’s manufacturing software and leaking confidential information to the media. The ex-employee’s actions disrupted Tesla’s operations and exposed the company to reputational and financial damage.
  4. Facebook (2018): An ex-employee gained unauthorized access to Facebook’s servers and leaked confidential data. This breach resulted in significant damage to Facebook’s reputation and led to a reevaluation of their offboarding procedures.

These examples demonstrate that the risks associated with ex-employees are not hypothetical. Businesses must take proactive steps to ensure that their offboarding processes are thorough and secure.

Legal Responsibilities and Implications

Sensitive information protection is a legal requirement for organisations, and not doing so can have serious legal and financial ramifications. Businesses must adhere to stringent guidelines while managing personal data due to data protection legislation, such as the California

GDPR

Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) in the European Union, and numerous more rules across the globe.

A business may be sued by partners, customers, and regulators if an employee who was improperly offboarded has access to or divulges confidential information. Serious penalties, legal action, and reputational harm to the business could follow from this.

Furthermore, companies risk liability if they fail to sufficiently train and advise staff members on how to handle sensitive data. This involves making certain that any non-compete or non-disclosure agreements (NDAs) that departing employees may have signed are brought to their attention.

Creating a Comprehensive Offboarding Procedure

Businesses need to put in place a thorough offboarding process that takes into account both human and technical considerations in order to reduce the risks related to former employees. A thorough strategy and checklist that businesses should adhere to in order to guarantee a safe and efficient offboarding operation are provided below.

1. Notification and Coordination
  • Receive Formal Resignation/Termination Notice: The HR department should immediately notify IT and security teams when an employee’s departure is confirmed. This triggers the offboarding process and ensures that all relevant departments are aware of the impending exit.
  • Schedule Exit Interview: Conduct an exit interview to discuss the reasons for the employee’s departure and to outline the offboarding process. This is also an opportunity to retrieve company property and remind the employee of any contractual obligations, such as NDAs.
2. Access Termination
  • Revoke Network Access: Disable the departing employee’s access to all company networks, including VPNs, intranets, and internal communication tools. This should be done as soon as the employee’s departure is confirmed.
  • Deactivate User Accounts: Immediately deactivate all user accounts associated with the departing employee, including email, cloud storage, CRM systems, and any other software platforms. Ensure that multi-factor authentication (MFA) tokens are also deactivated.
  • Change Shared Passwords: Update passwords for any shared accounts that the departing employee had access to, such as social media accounts, project management tools, or collaboration platforms.
  • Revoke Physical Access: Retrieve security badges, keys, and any other access devices. Disable the employee’s access to physical locations, such as offices, server rooms, and data centers.
3. Data Security
  • Audit and Backup Data: Conduct an audit of the departing employee’s digital footprint to identify any files or communications that need to be backed up or transferred to another employee. This ensures that no critical data is lost.
  • Retrieve Company Devices: Collect all company-owned devices from the departing employee, including laptops, smartphones,Monitor for Unusual Activity tablets, and USB drives. Ensure that all data is securely wiped from these devices before they are reassigned or decommissioned.
  • Secure Intellectual Property: Ensure that all proprietary information, such as project files, design documents, or source code, is returned. Verify that the employee does not retain copies of any sensitive documents or data.
  • Monitor for Unusual Activity: Implement heightened monitoring of systems for any unusual activity in the days and weeks following the employee’s departure. This includes monitoring for unauthorized access attempts or data transfers.
4. Communication and Documentation
  • Communicate with Relevant Teams: Inform relevant teams and departments about the employee’s departure. This includes updating organizational charts, project assignments, and ensuring that clients or external partners are notified if necessary.
  • Document the Offboarding Process: Keep detailed records of all actions taken during the offboarding process. This includes a checklist of tasks completed, access revoked, and data secured. These records are crucial for compliance and legal purposes.
5. Legal and Compliance
  • Conduct a Compliance Check: Review the offboarding process to ensure that all actions taken are in line with data protection regulations and company policies. This includes verifying that all personal data handled by the departing employee has been securely transferred or deleted.
  • Review Non-Disclosure Agreements (NDAs): During the exit interview, remind the departing employee of any NDAs or non-compete agreements they have signed. This is also an opportunity to address any concerns or questions the employee may have about their obligations post-departure.
6. Post-Departure Follow-Up
  • Survey for Unauthorized Access: Regularly check for any unauthorized access attempts using the departing employee’s credentials. This should be part of ongoing security monitoring for at least several weeks after the employee leaves.
  • Update Security Policies: Use the offboarding experience to review and update security policies. Identify any weaknesses or gaps in the process and implement improvements to prevent future risks.
  • Conduct a Final Review: After a few weeks, conduct a final review to ensure that all offboarding tasks have been completed and that no residual risks remain. This includes verifying that all company property has been returned and that all access has been revoked.

Conclusion

There are serious security dangers associated with former employees, and companies should not ignore these threats. In order to reduce these risks and safeguard confidential information, intellectual property, and the company’s reputation, a clear offboarding procedure is necessary. Organisations may be sure they are taking the required precautions to secure their systems and data when staff depart by adhering to the comprehensive process and checklist provided in this post.

Where security problems and data breaches are happening more frequently, strong offboarding procedures are not only recommended, but also essential. By putting these safeguards in place, you can protect your organisation from the growing threat of insider assaults and make sure that it stays safe even when there is staff turnover.