Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10 Tips for Maintaining Information Security During Layoffs

Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
8 of 12

Choose Your Decommissioning Path Wisely

While security executives are on the same page about the importance of locking down a laid-off employee's network access, their approach regarding how it should be handled differs.

"Don't rush to cut access or push people out without the ability to collect personal files," advises Jadee Hanson, Code42's CISO and CIO. "If you all of a sudden start treating your employees poorly, you should prepare for damage to be done to your company."

But others were of the opinion that terminated employees should be immediately locked out of systems to prevent retaliatory behavior.

"When it comes to offboarding and protecting corporate IP, timing is everything," says Rick Holland, CISO at Digital Shadows. "The termination process should be orchestrated to eliminate opportunities for staff to steal or destroy data. Corporate access should be disabled at the exact time that the employee is informed of the termination."

For high-risk staff, proactively enabling additional monitoring via solutions like user and entity behavior analytics (UEBA) could alert to any suspicious activity before the employee's actual termination date, he adds.

Yet some also recommend a more nuanced, case-by-case approach.

"The key question to ask in the context of employee separations would be, what audit controls are in place to identify data that was accessed by the employee, and can those audit controls ensure that all data is returned intact when an employee is returning their physical assets," says Tim Mackey, principal security strategist at Synopsys CyRC.

(Image: Pixel-Shot, via Adobe Stock)

8 of 12
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
All Links Are Safe ... Right?

Source: Mimecast

What security-related videos have made you laugh? Let us know! Add them to the Comments section or email us at [email protected].

Name That Toon: Tough Times, Tough Measures
Latest Comment: Wear a mask, please!
Flash Poll