In addition to the cybersecurity risks posed by attackers, there are other security concerns for your organization, starting with your employees. If not offboarded correctly, employees who leave your organization can expose your business to tremendous threats, including data leaks.
The Crucial Role of HR in Onboarding and Offboarding
HR departments play a crucial role in ensuring the processes and procedures needed for the proper onboarding and offboarding of employees are carried out correctly. Typically, much of this work deals with the employees directly, but there are also outside elements, such as communicating with external teams to ensure resources and access are either granted during the hiring process or discontinued at the end of employment.
Often, a wrinkle in the communication with these external stakeholders may be where a security risk first presents itself. If access is not set up securely or taken away immediately upon an employee’s exiting the company, there can be holes where data may be lost.
While the onboarding process helps introduce an employee to the culture, team, and overall philosophies and tools of the organization, the offboarding process helps manage the employee’s experience when he or she leaves the organization.
Proper offboarding should include all the steps needed to successfully part ways with the employee so both the employee and the organization have a positive experience while protecting valuable data from being either exfiltrated or leaked.
Proper Offboarding Is Essential for Good Cybersecurity
When looking at effective security practices, the offboarding process is an essential part of your organization’s overall cybersecurity practice. Improperly offboarding employees who have access to your business-critical data can lead to a wide array of data security issues, including:
- Data loss—Data could be deleted or intentionally destroyed by a former employee.
- Data leak—Sensitive, business-critical data can be accidentally or deliberately leaked by a former employee who was not offboarded correctly.
- Compliance and regulatory violations—Employees who are not appropriately offboarded and who are involved with a data breach can leave your organization exposed to further complications.
- Tarnished business reputation—Lost customer confidence and a tarnished business reputation can have an untold fiscal impact on your business.
- Wasted spend—Employees who are not offboarded correctly may leave the organization wasting spend on unnecessary cloud accounts and other resources that could have been repurposed or discontinued altogether.
Experiencing any of the above results of improper employee offboarding can be disastrous to your business.
Offboarding Processes Related to Data Security
The vital offboarding processes that are directly related to the security of your organization include:
- Reclaiming assets
- Revoking employee access to company accounts
- Migrating business-critical data
- Protecting against data exfiltration
Reclaiming assets. Reclaiming assets is a crucial part of employee offboarding. Most employees who have spent any time with an organization will have various company assets in their possession. These may include the following:
- Laptops
- External storage devices
- Mobile devices (mobile phone, tablet, etc.)
- Keys/fobs
Most employees today are using many different kinds of technology to empower business productivity. At a very minimum, this may include a company-issued laptop and a mobile device such as a cellphone. Technology devices such as laptops and cellphones will most likely contain business data that could be business-critical, sensitive, or both.
Reclaiming company assets is generally the first step in the offboarding process. Many HR departments will have a “checklist” of sorts to ensure company assets are returned before the employee makes his or her exit.
Revoking employee access to company accounts. Businesses today are utilizing many different online tools, services, products, and solutions. As an employee becomes part of the organization, there is a good chance he or she may be granted access to systems and resources used by your business for business-critical tasks.
A crucial step in the offboarding process is to revoke the employee’s access to all company accounts. Revoking access helps to protect the business from any actions taken by a former employee to damage the business, destroy data, or leak sensitive information. This also helps to protect the employee from any liability or implication in any data leak or other cybersecurity event that happens afterward.
HR will generally work closely with the IT department to coordinate the termination of access to company accounts. The employee’s access may be terminated after his or her last day of employment; however, this may vary depending on your organization’s offboarding and security policies.
Migrating business-critical data. An area that can lead to a great deal of complexity for organizations is the account and associated data of the employee leaving the organization. This is especially true with accounts that exist in public cloud software-as-a-service (SaaS) environments. The employee who is exiting may have played a key role in specific business processes. The person may also have other essential data linked to his or her cloud account.
Often, organizations continue to pay for the former employee’s cloud account because it’s easier to pay for the license than to migrate data between accounts using the native tools provided in the cloud. Native tools for migrating data between user accounts can be cumbersome or problematic, or may simply not exist. This helps fuel the problem of simply leaving existing accounts of former employees in place rather than relocating them.
While this may be sustainable after one or two employees leave, the costs begin to add up over time as employees come and go. Organizations can find themselves paying for dozens of unused accounts, if not more, to maintain access to the account data. A third-party tool can help migrate data between an existing cloud SaaS account and another user account in the cloud. This allows organizations to reclaim the spend on any unused accounts that may exist. It also helps consolidate and organize business-critical data effectively and efficiently...
Source: HR Daily Advisor