Three of the Most Common Employee Offboarding Mistakes

There’s a famous phrase you’ve probably heard before: to err is human.

Those words sum up why your security posture needs to focus on human actions, or the absence of them.

When seen from this lens, cybersecurity becomes about much more than cleaning up after mistakes. It’s about proactively putting into place measures to prevent the sort of human error that can cost your organization big time.

This human component, commonly known as “insider threats,” falls into three categories: malicious, accidental, or negligent.

Insider threats account for a whopping 39% of all data breaches according to recent research.

In the U.S., a data breach costs a company $8.19 million on average. The cost per breached record, $242, is steep too.

There are a lot of steps you can take to mitigate the risks posed by insider threats. But one of the best actions you can take is to avoid these three common employee offboarding mistakes.

Why Does Employee Offboarding Matter?

What is the worst thing a person can do to hurt their previous employer? This may never be more than a passing thought for most people, but whenever there’s a layoff, at least a few of the freshly terminated employees are seriously pondering it.

They could:

  • Pay someone else to disrupt the business
  • Sell passwords to the highest bidder
  • Sell detailed insider information

A smooth and swift employee offboarding process can help reduce the chances of an employee having the ability to do something malicious.

Even if there are no malicious intentions, employees may still, even unwittingly, have access to important customer information and systems. Not only can this weaken your security, but it can also breach a number of data protection laws.

What are the Three Most Common Employee Offboarding Mistakes?

Here are the three most common employee offboarding mistakes.

1. Not Collecting Employee Equipment Quickly

To ensure you collect all employee equipment quickly you need a solid process for managing the provisioning and deprovisioning of it.

You should document equipment assigned to employees; require employees to accept and sign an equipment agreement that includes a list of received equipment that must be returned upon termination; and ensure that you collect all equipment immediately when someone is leaving your organization.

2. Not Taking Into Consideration BYOD Devices

Companies are moving toward a BYOD mindset where the employee is able to provide their own devices – laptops, cell phones, and tablets – on top of VDI technologies.

You need to make a plan to proactively manage data access and ensure that when someone leaves you’re able to remove any company data from their devices.

This should clearly be outlined in any BYOD device agreement that employees sign.

3. Not Keeping Track of an Employee’s Software Usage

The challenge with the growth of SaaS usage and Shadow IT is that you need to figure out what apps employees have signed up for and used, what access permissions you must revoke, and what company data resides in these apps. 

It’s not always easy to do this due to the sheer volume of apps in use. That’s where a SaaS management platform like Augmentt comes into play.

A single dashboard for all SaaS apps and usage can increase visibility and avoid security risks associated with employee offboarding.

For example, employees can be quickly onboarded and offboarded to and from the applications they need. Plus, reports can readily show which users have access to what applications, and which licenses.

These processes can automate and simplify life for IT, enabling greater efficiency and productivity.

Reducing Insider Threats With Employee Offboarding

It’s true that to err is human, and humans will keep erring. But increasingly, technology and improved practices can help you shape certain critical processes, preventing one small mistake from becoming a major problem.

Author
Gavin Garbutt
Co-Founder & Chairman of Augmentt
