Please fill in the form below to subscribe to our blog

Don’t Overlook Security When Offboarding Employees

March 25, 2022

It Pays to Make a Security Check Part of Your Offboarding Procedures

The Great Resignation” is impacting employers all over the world as employees make shifts to their lives and careers in the wake of the global pandemic. Many people had the opportunity to put some thought into what they wanted their working lives to look like, and many of them determined that they’re ready for career transitions, or even retirement. Others used the rare opportunity afforded by additional unemployment compensation or resources to look for a better job. Plus, many folks discovered that their priorities and what they value in an employer changed because of the pandemic. However it came about, The Great Resignation has been hitting organizations in every industry and bringing some unexpected security risks with it.  

security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Stop cyberattacks & save money: See why security awareness training is your best investment. DOWNLOAD NOW>>

Former Employees Can Be Current Data Breach Risks

When an employee leaves a company, they take institutional knowledge with them, but they may also take something more concrete: data. An estimated 45% of employees download, save or send work-related files before they leave their job. This happens most frequently in the tech, financial services, business consulting and management sectors. It might be expected that some employees in departments like design would want to take portfolio samples with them, but employees in other departments also take proprietary data with them when they go like customer lists, project plans, internal reports, blueprints or formulas. Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts taking place in that window. 

Many companies aren’t careful about removing access and permissions from departing employee accounts, and that is a major security blunder. In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools and solutions that they used at their former job including old email accounts (35%), work-related materials on a personal account (35%), social media (31%), software accounts (31%) or shared files or documents (31%). Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%) and the company’s financial information (14%).   

Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company. That’s way too much easily mitigated risk, and for many companies, the first step on the road to an expensive, damaging data breach. This is a shockingly widespread problem.  A stunning 89% of workers in a study reported they were able to access sensitive company data well after they left. While many employees won’t use that access, more than half of insider data theft incidents are caused by employees who were able to access a company’s sensitive data after they no longer worked there. Failure to remove the access that former employees have to data and applications is a security vulnerability that no company can tolerate. Employers in the UK are most likely to remove employee access – 67%  of UK employees reported retaining their access versus 87% in the U.S. and 88% in Ireland. 

Are your users ready to handle all of the risks they face daily? Make sure you’ve covered all the bases! GET A CHECKLIST>>

Parting on Bad Terms Leads to Malicious Insider Action

Unfortunately, not every employee leaves a company on good terms, and that can also lead to security complications. Vengeance against an employer from disgruntled former employees is a major danger. Over 90% of malicious insider incidents are preceded by employee termination or layoff, and if that employee still has a valid access credential, they can wreak havoc quickly. Malicious insiders have many motivations for seeking to damage their former employers, from making a quick profit by selling data or access credentials to simple vengeance. Whatever their motivation, failing to eliminate access to company assets makes it really easy for a malicious former employee to do big damage fast – and 56% of employees use their continued digital access after their departure to harm their former employer.  

Former employees also create another security risk: password compromise. An employee doesn’t even have to take a malicious action to cause their employer password-related security trouble. Password reuse, recycling and sharing are enormous security threats in and of themselves, exposing businesses to credential compromise risk. In a 2021 survey, 82% of workers admitted sometimes reusing the same passwords and credentials as they’d used in old accounts. Part of that impetus is that everyone has too many passwords to keep track of these days, and we’ve all got password-protected accounts that we haven’t used in years. Forbes magazine reports that 70% of consumers say that they have over 10 password-protected online accounts, and 30% say that they have “too many to count”.   

Of course, if that former employee is inclined to malicious action, valid access credentials for their former employer’s networks or data is a precious and highly profitable commodity. Stolen legitimate network credentials go for an estimated $3,000 to $120,000 depending on the company and level of privilege on the account. Vengeful former employees who retain access to systems and networks at their old jobs can take more direct damaging actions too, like using their old company’s resources to facilitate cryptomining and deploying ransomware or other malware

Be the hero that defeats a company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>

Make a Security Check an Offboarding Step

It’s essential that organizations protect themselves from the danger presented by former employees by adding a security component to their offboarding process. Research shows that in most companies, offboarding is handled by a supervisor (33%) or HR (31%) though in some cases, it fell to a coworker (13%). Disturbingly, only half of employees are asked to return company devices only about 40% reported returning security keys or tokens and being required to wipe personal information or documents from company devices. Employees are sometimes unaware that they shouldn’t take data with them when they go; more than 40% of organizations don’t have a formal policy that forbids staff from taking work data with them when they leave.  

As employers get serious about bringing employees back to the office full-time, the next phase of The Great Resignation is certain to kick off. Most people simply do not want to return to the office 5 days per week, and they don’t intend to stay with companies that require it. 58% of workers in a survey said that they would leave their positions and seek alternative employment if they were not able to continue hybrid working at a minimum in their current role, giving rise to even more offboarding security risks for organizations to handle. Companies must take action to add a security check to their offboarding procedures or risk disaster.

Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>

There’s An Easy Way to Guard Against Dark Web Driven Credential Compromise Risk  

Does your company have credentials that are exposed on the dark web right now? Would you even know if it did? You would if you had best-in-class dark web monitoring working for you with Dark Web ID.  

  • 24/7/365 human and machine-powered monitoring of employee passwords, business and personal credentials, domains, IP addresses and privileged user email addresses. 
  • Speedy alerting to the appearance of protected credentials in dark web markets, dumps or other dark web sources. 
  • Deploys in minutes and gets to work immediately, with SaaS or API options available and no additional hardware or software to install. 
  • Leverage out-of-the-box integrations with popular PSA platforms, for a fast, frictionless alerting and mitigation process. 
  • Get a demo of Dark Web ID: BOOK IT>> 

a cartoon image of hands with fingers pointed at an embarrased-looking white woman with a brown bob in professional clothing

Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!