The massive wave of layoffs in 2024 has introduced a significant cybersecurity threat that many business owners are overlooking: the offboarding of employees. Even prominent brands, which you would expect to have state-of-the-art cybersecurity measures, often fail to protect themselves adequately from insider threats. This August marks one year since two disgruntled Tesla employees, after being terminated, exposed the personal information—including names, addresses, phone numbers, and Social Security numbers—of over 75,000 individuals, including employees.
The situation is expected to worsen. According to NerdWallet, as of May 24, 2024, 298 US-based tech companies have laid off 84,600 workers, and the number is still rising. This includes significant layoffs at major companies like Amazon, Google, and Microsoft, as well as smaller tech start-ups. In total, approximately 257,254 jobs were cut in the first quarter of 2024 alone.
Regardless of whether you anticipate downsizing your team this year, implementing a robust offboarding process is crucial for every business, large or small. It's not just a routine administrative task; it's a vital security measure. Failing to revoke access for former employees can lead to serious business and legal repercussions.
These repercussions include:
● Theft of Intellectual Property: Former employees can abscond with your company's files, client data, and confidential information stored on personal devices. They may also retain access to cloud-based applications, such as social media sites and file-sharing services (e.g., Dropbox or OneDrive), that your IT department overlooks or whose passwords it forgets to update. A study by Osterman Research found that 69% of businesses experience data loss due to employee turnover, and 87% of departing employees take data with them. Often, this valuable information is sold to competitors, used by the competition, or leveraged by the former employee to establish a competing business.
● Compliance Violations: Neglecting to revoke access privileges and remove employees from authorized user lists can result in noncompliance in heavily regulated industries. This oversight can lead to substantial fines, severe penalties, and, in some cases, legal consequences.
● Data Deletion: If an employee feels unjustly laid off and retains access to their accounts, they could easily delete all their emails and any critical files they can access. Without proper backups, this data could be lost permanently. While you might consider legal action, the reality is that the costs—legal fees, time spent on the lawsuit, data recovery efforts, and the overall hassle—often outweigh any potential damages you might recover.
● Data Breach: This might be the most alarming risk of all. Disgruntled employees who feel wronged could make your company the subject of the next major data breach headline, leading to costly lawsuits. With a single click, they could download, expose, or modify your clients' or employees' private information, financial records, or trade secrets.
Do you have an airtight offboarding process to mitigate these risks? Chances are, you don't. A 2024 study by Wing revealed that one in five organizations has evidence that some former users were not properly offboarded. And these are just the organizations that were diligent enough to detect the issue.