6/5/2017
08:00 AM
Greg Kushto

Securely Managing Employee Turnover: 3 Tips

Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.

Sometimes it's mutual, other times it's not. Either way, it's inevitable: employees — entry-level and executive alike — come and go. Unfortunately, we often overlook the risks and vulnerabilities that employee turnover can introduce, particularly from an IT security standpoint.

Although disgruntled employees and whistleblowers raise the most alarm, don't be naive: not every outbound worker is an Edward Snowden or a Chelsea Manning, and risks aren't limited to bad intentions. Even people who leave on the best of terms can cause problems.

Consider, for instance, an employee who takes copies of a report he wrote, believing it might be of value to his professional portfolio. Two years later, he's looking for a new position and, with no sense of malice whatsoever, shares that portfolio during the interview process. Unfortunately, that document also happens to contain highly sensitive information — and the organization where he's interviewing happens to be a major competitor. It's all too common: an estimated 60% of employees admit to taking corporate data when they leave an organization.

Of course, that's just one example of what could go wrong: There are countless more. That's why organizations need a comprehensive, exhaustive strategy to manage employee exits. Let's look at some ways to prevent employee turnover from spiraling into organizational crisis.

Tip 1: Access Should Be Discussed and Planned ASAP
The moment someone submits a resignation letter, there should be immediate action. In theory, everyone knows this. Unfortunately, too few organizations have a cohesive, documented strategy for dealing with the problem in all its variations.

It's not just a matter of immediately removing access — nor is that always practical. If you fire someone, sure, lock down his or her accounts and change the passwords. But what about an employee who is simply transitioning from full-time to a consulting role with the organization? That person may need some access.

Taking effective action before someone leaves requires collaborative, preemptive effort and planning from multiple departments or teams. Business leaders should sit down with IT and HR staff to determine not only who notifies the appropriate parties that someone is leaving but also who's responsible for modifying that person's access and when.

Tip 2: If You're Not Immediately Removing Access, Start Tracking Activity
Once organizations know someone is leaving, they should begin tracking the employee's behavior until his or her departure, right up until access is denied. Take care to review any recent network activity even before that person handed in a resignation, when he or she was less likely to be monitored for suspicious activity. Many people will copy files and emails and take work they feel entitled to before they hand in their notice. After all, at the end of the day we're human beings who, after investing so much time and effort in our work, don't want to relinquish our rights to it.

Effective behavior tracking requires your IT and security operations teams to prioritize monitoring the individual's actions — which they can't do until they know the person is leaving. If necessary, IT staff can categorize a user's activities so that behaviors typically deemed low-risk receive more attention.

If possible, look as far back as your resources allow. Accomplishing this requires the ability to look back and track specific downloads and file types by user. Fortunately, many organizations already have the tools to do this.

If data lives in the cloud, organizations should consider investing in a cloud access security broker or next-generation firewall. If not, network anomaly detection is another alternative.
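
The look-back described in Tip 2, sketched as an added example (not code from the article or from any product): it compares a departing user's download volume per file type in the weeks before notice against that user's own earlier baseline. The record layout, user names, paths, window lengths and the 3x threshold are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import date, timedelta
from pathlib import PurePosixPath

def sample_events():
    """Constructed download records: (day, user, path, bytes). The field layout
    is an assumption; map it from your proxy, CASB or file-server audit log."""
    events, start = [], date(2017, 1, 1)
    for i in range(0, 120, 5):  # routine activity: small files every 5th day
        day = start + timedelta(days=i)
        events.append((day, "jdoe", f"/reports/status{i}.docx", 200_000))
        events.append((day, "jdoe", f"/finance/sheet{i}.xlsx", 1_000_000))
    for i in range(10):  # two weeks before notice: bulk mail and finance pulls
        day = date(2017, 5, 2) + timedelta(days=i)
        events.append((day, "jdoe", f"/mail/archive{i}.pst", 900_000_000))
        events.append((day, "jdoe", f"/finance/plan{i}.xlsx", 40_000_000))
    events.append((date(2017, 5, 3), "asmith", "/reports/memo.docx", 100_000))
    return events

def lookback_report(events, user, notice_day, lookback_days=30,
                    baseline_days=90, factor=3.0):
    """Per file type, compare the user's daily download volume in the window
    before notice with their own earlier baseline. Returns {ext: ratio} for
    types over `factor`; a type never seen in the baseline gets inf."""
    look_start = notice_day - timedelta(days=lookback_days)
    base_start = look_start - timedelta(days=baseline_days)
    recent, base = defaultdict(int), defaultdict(int)
    for day, who, path, size in events:
        if who != user:
            continue
        ext = PurePosixPath(path).suffix.lower() or "(none)"
        if look_start <= day < notice_day:
            recent[ext] += size
        elif base_start <= day < look_start:
            base[ext] += size
    flagged = {}
    for ext, total in recent.items():
        base_rate = base.get(ext, 0) / baseline_days
        ratio = (total / lookback_days) / base_rate if base_rate else float("inf")
        if ratio > factor:
            flagged[ext] = ratio
    return flagged

if __name__ == "__main__":
    report = lookback_report(sample_events(), "jdoe", date(2017, 5, 15))
    for ext, ratio in report.items():
        print(f"jdoe {ext}: {ratio:.1f}x baseline daily volume")
```

A user with no history in the baseline window has every file type reported as new, so short-tenure accounts need a peer-group baseline instead of their own.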

Tip 3: Inform Employees of Their Access
Looking down from the top, organizational leaders often may not realize the extent of their employees' access — including whether they have access to data they shouldn't. And, of course, no matter what restrictions you put in place, human beings inevitably find their way around network restrictions if they think it will make things faster and easier.

Ultimately, you should know every employee's access level well before that resignation letter drops. This requires sitting down with individuals or teams to understand their duties and responsibilities — along with what kind of data they need to fulfill them. A paper checklist isn't enough: you need a face-to-face, deep-dive meeting to gauge access, system usage, and, most importantly, whether the individual is doing anything outside the job description.

Without this, organizations will never have a full understanding of how employees use the network and which parts they use, including those employees with one foot out the door. Consequently, whenever employees leave, those responsible for cleaning up will again and again find themselves scrambling to figure out where their access needs to be cut, while simultaneously looking for theoretical warning signs — a time-consuming and, without a solid strategy, often fruitless task.

In short, managing the exit of employees doesn't just happen. It requires a collaborative, organization-wide plan with the right processes and systems in place and ready for action. The alternative is a chaotic, last-minute scramble requiring significant effort and reduced productivity for those left behind to pick up the pieces.

Greg Kushto joined Force 3 in 2014 and is the Vice President of Sales Engineering. In this role, he is responsible for creating comprehensive security solutions for Force 3's client base within both the public and private sector, and ensuring that customers properly align ...
Comments
JulietteRizkallah,
6/6/2017 | 4:18:54 PM
too little too late
I would argue that if an organization worries about resigning employees' access to systems, apps and data, they missed the point. They should worry about any employees, contractors, customers or partners' access to sensitive data at any time and especially during the Joiner/Mover/Leaver lifecycle events. That is why identity management is so much in demand right now; firewalls, including next-gen firewalls, will be of little help compared to the governance and control of an IGA solution.