![The Edge Logo The Edge Logo](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt530eb1f4e672eb44/653a71690e92cc040a3e9d6d/Dark_Reading_Logo_TheEdge_0.png?width=700&auto=webp&quality=80&disable=upscale)
Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
10 Tips for Maintaining Information Security During Layoffs
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blteccb8833af5bf85f/64f0d43b00fbd42f48b5b8a1/01_layoffs_500x400.jpg?width=700&auto=webp&quality=80&disable=upscale)
Business disruption and the financial toll brought on by the COVID-19 has forced many companies, large and small, to let go of staff. In fact, more than 40 million Americans have filed for unemployment in the past 10 weeks, with cuts hitting major companies including Boeing, IBM, and United Airlines.
While layoffs are never an easy scenario to deal with at any time, how well they are handled varies greatly, says Niamh Muldoon, senior director of trust and security EMEA with OneLogin.
"Early in my career, I worked on a case where a layoff process went horribly wrong and resulted in huge financial loss for the company along with a huge investigation, e-discovery, and a legal case," Muldoon says. "So, I urge organizations to invest time into properly planning for this unfortunate situation."
That includes the potential repercussions if a laid-off employee decides to retaliate and walk away with private corporate intellectual property (IP) or other sensitive data. And that's not unusual: According to a recent report on 2,000 US and UK employees from email security firm Tessian, more than one-third admitted taking company documents with them when they left a job. The data also revealed US employees are almost twice as likely to download, save, or exfiltrate work-related documents before leaving or after being dismissed from a job.
How can security managers ensure data doesn't walk out the door with a departing employee? Here are 10 recommendations to keep the layoff process secure.
With so many people working from home amid the pandemic, many terminations will affect employees who are not physically in an office. Handling their access control and other unique requirements may be new territory for some security managers.
"Unless controls were updated during the first phase of work-from-home, it's likely that the process governing employee separations wasn't changed to address how laptops, door badges, mobile phones, and any data on USB drives might be handled when there is no IT department to return corporate assets to," says Mackey.
The messaging regarding terminations that take place virtually will also need to be tailored to consider distance. Clearly communicate to remote laid-off workers your expectations about stopping use of company devices, says Stephen Cavey, co-founder and chief evangelist at Ground Labs.
"They should be made aware that upon the conclusion of their employment that no company data should be accessed via any device," he says. "The risks associated with this scenario should be minimal when utilizing a good 'run sheet' and where data is stored in company-controlled locations."
It may go without saying, but any solid security strategy means you have implemented data security practices before any staff trims begin.
"Many employment contracts should have a strict IP clause and include specific language regarding the treatment of confidential data while working for and upon leaving your company," says Claire Ginnelly, HR director at the Information Security Forum.
In addition to ensuring that language is included in contracts before employees even start their job, good data security practice also means regular compliance training for all employees on handling sensitive data and a well-maintained inventory of all equipment and devices issued during the employee's tenure, says Ginnelly.
"All of these aspects should be reviewed in the exit interview along with any social media accounts which need to be switched over to the people manager, who should confirm all privileges are turned off quickly after offboarding," she says.
Security managers need to be at the table at the outset of any plans for termination. Human resources and legal will obviously be involved, too.
"It is imperative that HR ensures business leaders are connecting with their team and fostering strong personal relationships," Ginnelly says. "Communication between teams needs to be clear on what the impact of an employee's departure will have on stakeholders, processes, and systems."
In addition to HR, a cross-functional project team with representation from business and technology needs to support the security team to successfully manage risk, OneLogin's Muldoon says. "Appointing an independent assurance manager within the project team is a critical role," she adds. "This person is on point to complete checklists and sign off that actions are completed."
While security executives are on the same page about the importance of locking down a laid-off employee's network access, their approach regarding how it should be handled differs.
"Don't rush to cut access or push people out without the ability to collect personal files," advises Jadee Hanson, Code42's CISO and CIO. "If you all of a sudden start treating your employees poorly, you should prepare for damage to be done to your company."
But others were of the opinion that terminated employees should be immediately locked out of systems to prevent retaliatory behavior.
"When it comes to offboarding and protecting corporate IP, timing is everything," says Rick Holland, CISO at Digital Shadows. "The termination process should be orchestrated to eliminate opportunities for staff to steal or destroy data. Corporate access should be disabled at the exact time that the employee is informed of the termination."
For high-risk staff, proactively enabling additional monitoring via solutions like user and entity behavior analytics (UEBA) could alert to any suspicious activity before the employee's actual termination date, he adds.
Yet some also recommend a more nuanced, case-by-case approach.
"The key question to ask in the context of employee separations would be, what audit controls are in place to identify data that was accessed by the employee, and can those audit controls ensure that all data is returned intact when an employee is returning their physical assets," says Tim Mackey, principal security strategist at Synopsys CyRC.
While people are only as good as their word, and may not live up to it, it's still important to have documentation of security expectations when they are heading out the door, even if that was part of the initial employment contract.
"Security managers should work with HR to ensure that employees sign a statement during offboarding that reminds them of their confidentiality obligations and that attests that they are not taking any confidential information with them, including on their personal devices," says Sounil Yu, former CISO with Bank of America and now CISO-in-residence at YL Ventures.
Yu also recommends that organizations not be too quick to reformat or recycle laid-off workers' equipment.
"If the employee is leaving for a competitor, the organization may want to retain the employee's equipment for forensic analysis in case evidence emerges suggesting that the employee may have left with confidential information."
While layoffs are difficult for those who are losing their jobs, it is also hard on those left behind. Keep an eye on your security team and ensure they have the support they need during trying times, Code42's Hanson says.
"In any layoff situation, security needs to have bandwidth to look at more alerts, dig into more data, and address more risks in a very compressed time frame," she says. "Ensure your team is supported to do this work with the right backups and support in place."
Business disruption and the financial toll brought on by the COVID-19 has forced many companies, large and small, to let go of staff. In fact, more than 40 million Americans have filed for unemployment in the past 10 weeks, with cuts hitting major companies including Boeing, IBM, and United Airlines.
While layoffs are never an easy scenario to deal with at any time, how well they are handled varies greatly, says Niamh Muldoon, senior director of trust and security EMEA with OneLogin.
"Early in my career, I worked on a case where a layoff process went horribly wrong and resulted in huge financial loss for the company along with a huge investigation, e-discovery, and a legal case," Muldoon says. "So, I urge organizations to invest time into properly planning for this unfortunate situation."
That includes the potential repercussions if a laid-off employee decides to retaliate and walk away with private corporate intellectual property (IP) or other sensitive data. And that's not unusual: According to a recent report on 2,000 US and UK employees from email security firm Tessian, more than one-third admitted taking company documents with them when they left a job. The data also revealed US employees are almost twice as likely to download, save, or exfiltrate work-related documents before leaving or after being dismissed from a job.
How can security managers ensure data doesn't walk out the door with a departing employee? Here are 10 recommendations to keep the layoff process secure.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024