The hidden security risks in tech layoffs and how to mitigate them

In the shadowy corners of the tech world, there are many stories of administrators locking organizations out of their own IT environment, greedy employees selling data, or security engineers making a backdoor into the network. The motivations for such acts can range from financial gain to revenge, and the consequences are usually disastrous for all involved.

The recent tech layoffs that have swept various industries have only added to the phenomenon. “Very large organizations only need a poorly screened and treated one [employee] to inflict a lot of damage,” says Frank Price, CTO of CyberGRX, a company that helps organizations manage, monitor and mitigate risk in their partner ecosystems.

Internal sabotage can begin even before workers are fired. The mere rumor that a company is downsizing can create a sense of panic and confusion, which can cause people to react in harmful ways. “There are three things that determine whether or not an employee leaving the organization can become bitter if not handled properly: access, motive and opportunity,” says Tom Van de Wiele, principal threat and technology researcher at WithSecure.

Data shows that employee disengagement can lead to brand damage, reputational damage or financial loss. According to DTEX Systems’ 2023 Insider Risk Research Report, 12% of employees dispose of sensitive intellectual property upon leaving an organization. This often includes customer data, health records, sales agreements and other vital documents. The people most likely to cross the line are those with side gigs or looking for new career opportunities, perhaps at a competitor.

These are all serious concerns for organizations, but luckily, these situations can be prevented. Here are some steps you can take to mitigate negative outcomes during the layoff process.

Show empathy and respect

Layoffs are almost always emotional experiences for employees. “Companies need to realize that all human beings deserve respect and care,” says Armaan Mahbod, director of security and business intelligence for counter-insider threat at DTEX Systems. “Whether the outcome is positive or negative, empathy can go a long way.”

Copyright © 2023 IDG Communications, Inc.

Source link
Layoffs have always been a daunting task for both employees and employers. Over the past decade, with the rapid advancement of technology, the process has become more complicated. While it’s necessary to make cuts to the workforce to stay competitive, there are several important security implications to consider during tech layoffs.

Undoubtedly, layoffs significantly impact those that go and those that stay. However, the greatest risk comes from potentially exposing confidential data and increasing the risk for cyberattacks. When an employee is let go, an organization puts itself at risk of having data or credentials abused if not properly addressed following the termination.

At Ikaroa, an experienced tech company, we understand the significance of security measures during layoffs. Therefore, we recommend compliant practices that can help reduce cybersecurity risk.

One of the best practices is to begin communicating restructuring once the layoffs are final. Managers should communicate the terms of the layoffs, inform the remaining employees of any cyber threats or data theft, and what practices should be followed moving forward.

Another measure organizations should take is to ensure they disable access to all data associated with terminated employees at the moment of termination. Doing so can help mitigate the risk of confidential information being accessed by the wrong people.

Organizations should also consider continuously monitoring data sources and alerting whenever credentials are associated with malicious activity. It is important to be aware of the data stolen and the means in which it was stolen, to be able to detect any suspicious activity regarding their data.

Finally, it is important to store employee data in separate secure databases. This will ensure that in the case of a breach, corporate information contained on employee or device will extended to the rest of the corporate infrastructure.

From the moment layoffs are announced, organizations should consider how to protect data from security threats. It is important to take proactive steps to reduce risk, and for that reason, it is essential for organizations to partner with expert IT teams such as Ikaroa that can help develop strategies and solutions to ensure data is secure during tech layoffs.


Leave a Reply

Your email address will not be published. Required fields are marked *