Cybersecurity And the Workplace: Part 2
Cybersecurity and the Great Resignation
From hybrid and remote work to the Great Resignation to a greater emphasis on DEI initiatives, the modern workplace is currently undergoing systemic changes. Discussions of these shifts are usually framed from an economic or HR perspective, while less attention has been paid to their cybersecurity impact. This blog post is the second in a series that aims to break down the cybersecurity implications of current workplace trends. For additional reading, check out our first blog post on the cybersecurity threat posed by employee burnout here.
The Great Resignation and the revolving door of employee onboarding and offboarding
The Great Resignation, a term coined to describe the recent economic trend in mass resignations across industries, has placed tremendous pressure on organizations’ HR teams to hire and retain talent. Driven by the pandemic, burnout, and a demand for improved wages and job flexibility, employees are leaving positions in droves for more enticing offers, new careers, or exiting the workforce altogether. According to the U.S. Bureau of Labor Statistics, a record 4.5 million workers left their jobs in November 2021 followed by 4.3 million in December. This revolving door has left organizations busy with onboarding and offboarding new and former employees. It is essential that alongside HR paperwork, exit interviews, and finalizing payroll, organizations include cybersecurity in both their onboarding and offboarding processes.
Cyber risks posed by onboarding and offboarding employees
According to the Verizon 2021 Data Breach Investigations Report, the “human element” was involved in 85% of breaches. Both onboarding and offboarding are critical junctures for mitigating this risk. To guide both processes, it is important that organizations have a formalized and documented onboarding and offboarding protocol that includes cyber-specific policies and procedures.
When it comes to new hires, the onboarding process provides an opportune time to educate employees on proper cyber hygiene and the organization’s cybersecurity policies and expectations. Likewise, it ensures employees are granted the appropriate level of access to data and systems to match the responsibilities of their new positions. By educating employees and focusing on access controls, organizations can mitigate risks posed by social engineering scams or the misuse of sensitive data.
In contrast, the offboarding process gives organizations the time to evaluate the departing employee’s digital footprint and make sure their access to accounts and data is removed. Without proper cybersecurity offboarding procedures, former employees may retain the ability to access the organization’s systems, which may result in data loss or breach, compliance violations, breaches of confidentiality, and/or a tarnished reputation.
With these considerations in mind, ACA Aponix recommends organizations include the following cybersecurity controls and safeguards in their employee onboarding and offboarding policies.
Onboarding cyber best practices
- Conduct cyber awareness training and communicate your company’s cyber policies
Cyber training is essential at any stage of employment. During onboarding, it is especially important to use this time to ensure new employees are informed of the organization’s cybersecurity policies and expected cyber behaviors. Training should be tailored to the specific industry, organization, and individual’s role where possible, and should cover topics such as password best practices, file sharing, and common phishing techniques used by attackers. This time should also be used to tell new employees how to report suspicious activity, emails, links, etc.
- Abide by least privilege access
New employees should be given the minimum level of access to systems, devices, accounts, data, etc. needed to complete their outlined job duties and responsibilities. If employees need access to additional accounts, such access should be granted on a case-by-case and temporary basis. A best practice is to withhold elevated access and privileges from new employees until they have had proper training and job education. Examples include technology administration privileges, access to bank accounts or accounting data, and other accounts pertaining to client data or firm trading information. Limiting employees’ access to systems reduces the reach and damage of a potential breach or compromised account and also provides greater transparency and oversight of what each employee can touch.
- Maintain digital asset inventory
Organizations should keep up-to-date records of employees’ digital assets, including accounts, levels of digital and physical access, devices, etc. Keeping an accurate record helps provide clear employee oversight, including assisting in investigations of potential cyber incidents and the offboarding of departing employees.
Offboarding cyber best practices
- Conduct digital asset inventory
Upon receiving word of an employee’s departure, IT and info security teams should conduct an inventory of the employee’s digital footprint, including their current devices, accounts, and digital as well as physical access permissions to guide the offboarding process and make sure everything is recovered. Departments beyond IT and info security should also have their own asset offboarding checklists, as often individual departments manage access to SaaS or third-party providers.
- Communicate IT and information security offboarding process
It is important that organizations communicate the offboarding process for closing and revoking account access, returning devices, and other IT-specific protocols to departing employees. The exit interview provides a good setting to communicate these policies and ensure the departing employee knows what is expected.
- Review incident and log data
Review log data of the exiting employee’s activities for suspicious behavior or mishandling of protected company data. The review should cover the period between notice and the last day, when the risk of data being copied out is highest, and look for things such as unusually large downloads, access to data outside the employee’s role, external file shares, and logins at unusual times or from unfamiliar locations.
- Block email forwarding and file sharing
Unfortunately, employees do not always leave on the best of terms, which may lead them to hold resentment towards the organization. Even when they leave on good terms, exiting employees may become careless about cyber safety or may want to hold onto internal information for their own benefit or a future position. Organizations should consider monitoring or blocking departing employees’ ability to forward emails or share files externally from the moment they submit their resignation, and should check the mailbox for existing auto-forwarding rules, which can continue to leak mail after the user can no longer log in.
- Revoke access and delete accounts
Organizations should revoke the departing employee’s access to all accounts, including access from personal (BYOD) devices, and ultimately delete the accounts. Revocation should cover more than the password: active sessions, refresh tokens, API keys, SSH keys, and MFA devices registered to the user should also be invalidated, since a changed password alone does not end an existing session. A common practice is to disable the account on the last day, retaining the mailbox and data only as long as legal or regulatory retention requires, and then delete it. A clear timeline with a definitive deadline should be established for all access removal.
- Reset shared passwords
Organizations should avoid shared passwords altogether, but where they are in use, those passwords (including service accounts, shared mailboxes, and social media or vendor portal logins) should be reset upon the employee’s departure to protect the integrity of those accounts.
- Disable physical access
Disable the departing employee’s physical access to the organization’s offices, including access tokens, badges, physical keys, apps, PINs, biometrics, etc.
- Notify employee departure to affected departments
Ensure employee departures are communicated across departments, including the front desk, security team, systems and facilities, and other relevant departments. Also, if applicable, notify third-party vendors so they are aware the departing employee is no longer authorized on those accounts.
- Conduct a last-day audit
Once all the previous steps have been taken, organizations should conduct a final review to double-check that all access has been terminated, that there is no suspicious log activity, and that all devices have been returned, if applicable. Offboarding checklists from the IT and business teams should be reviewed and signed off to ensure everything is properly accounted for.
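The log review and last-day audit above are easier to make repeatable if the checks are written down as code that reconciles the inventory taken at offboarding against what the systems actually report. The following is an added example, not ACA Aponix tooling or code from the original post. It assumes a constructed inventory for a hypothetical user "jdoe", a constructed "live state" export (enabled accounts, returned devices, badges, mailbox rules) and a constructed CSV authentication log; in practice these would be pulled from the directory, MDM, mail platform and SIEM. The internal mail domain "example.com" is also an assumption.

```python
"""Last-day offboarding audit (added example, not ACA Aponix tooling).

Reconciles a departing employee's digital-asset inventory against the
current state reported by IT systems and an authentication log, and
returns the findings that would block a sign-off. All inputs here are
constructed sample data.
"""
from datetime import datetime, timezone

INTERNAL_DOMAINS = {"example.com"}  # assumption: the firm's own mail domains

# Constructed inventory recorded when notice was received.
INVENTORY = {
    "user": "jdoe",
    "termination": "2022-03-01T17:00:00Z",  # all access must be gone by this time
    "accounts": ["ad:jdoe", "okta:jdoe", "crm:jdoe@example.com", "github:jdoe-ex"],
    "devices": ["LAPTOP-1234", "YUBI-5678"],
    "badges": ["BADGE-42"],
}

# Constructed "current state" as the various systems report it on the last day.
LIVE_STATE = {
    "enabled_accounts": {"crm:jdoe@example.com", "github:jdoe-ex"},  # still enabled
    "returned_devices": {"LAPTOP-1234"},
    "active_badges": set(),
    "mailbox_rules": [
        {"name": "Archive", "forward_to": None},
        {"name": "Keep copy", "forward_to": "jdoe.personal@gmail.example"},
    ],
}

# Constructed auth log, one event per line: timestamp,user,system,result,source_ip
AUTH_LOG = """\
2022-03-01T16:40:03Z,jdoe,vpn,success,198.51.100.20
2022-03-01T17:05:12Z,jdoe,crm,success,203.0.113.7
2022-03-01T17:06:01Z,jdoe,okta,failure,203.0.113.7
2022-03-01T17:30:44Z,asmith,vpn,success,198.51.100.21
"""


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed log."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def residual_accounts(inventory, live):
    """Inventoried accounts that the systems still report as enabled."""
    return sorted(set(inventory["accounts"]) & live["enabled_accounts"])


def unreturned_devices(inventory, live):
    """Inventoried devices with no return recorded."""
    return sorted(set(inventory["devices"]) - live["returned_devices"])


def active_badges(inventory, live):
    """Physical credentials that are still active."""
    return sorted(set(inventory["badges"]) & live["active_badges"])


def external_forwarding(live, internal_domains=INTERNAL_DOMAINS):
    """Mailbox rules that forward to an address outside the firm's domains."""
    hits = []
    for rule in live["mailbox_rules"]:
        target = rule.get("forward_to")
        if target and target.rsplit("@", 1)[-1].lower() not in internal_domains:
            hits.append((rule["name"], target))
    return hits


def post_termination_logins(log_text, user, cutoff):
    """Login events (successful or failed) by the user after the cutoff time."""
    events = []
    for line in log_text.splitlines():
        ts, who, system, result, ip = line.split(",")
        if who == user and parse_ts(ts) > cutoff:
            events.append((ts, system, result, ip))
    return events


def run_audit(inventory=INVENTORY, live=LIVE_STATE, log_text=AUTH_LOG):
    """Run every check and return the findings keyed by check name."""
    cutoff = parse_ts(inventory["termination"])
    return {
        "accounts_still_enabled": residual_accounts(inventory, live),
        "devices_not_returned": unreturned_devices(inventory, live),
        "badges_still_active": active_badges(inventory, live),
        "external_forwarding_rules": external_forwarding(live),
        "logins_after_termination": post_termination_logins(
            log_text, inventory["user"], cutoff),
    }


def ready_for_signoff(findings):
    """Sign off only when every check came back empty."""
    return not any(findings.values())


if __name__ == "__main__":
    f = run_audit()
    for check, items in f.items():
        print(f"{check}: {'OK' if not items else items}")
    print("sign-off:", "READY" if ready_for_signoff(f) else "BLOCKED")
```

On the constructed data the audit blocks sign-off: two SaaS accounts are still enabled, the hardware token was never returned, one mailbox rule forwards to a personal address, and the CRM recorded a successful login from the user five minutes after the termination cutoff. Failed logins after the cutoff are reported as well, because they show the credential is still being tried even if it no longer works. The point of keeping each check as a separate function is that the inventory from onboarding is the source of truth the audit compares against, which is why the "Maintain digital asset inventory" step matters long before anyone resigns.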