While the obvious challenge of the Great Resignation is rising labor shortages, the phenomenon is now posing a critical risk to another important aspect of the workforce: cybersecurity. With record numbers of employees across the globe abruptly quitting their jobs, companies are now faced with the larger task of ensuring the door is firmly closed behind former employees, who may still have access to corporate digital assets after their last day.
Why is offboarding a security threat?
Today’s offboarding processes can leave former employees with continued access to sensitive digital assets – a huge liability to their former employers. As most companies and leaders know, not every employee leaves on good terms, and the retrieval of company hardware assets, which may store sensitive information, can often be a challenge.
A recent report found that 83% of employees continued accessing accounts from their previous employer after leaving the company, and that a staggering 56% of employees had used their continued digital access to harm their former employer. Some personnel may intentionally retaliate against their former employer; some may leverage valuable IP to impress prospective rival employers; and some may even leak sensitive information accidentally.
The transition to remote work has only made it easier for attacks, or simple mistakes like these, to occur. Whether malicious or not, each former employee may pose a considerable cybersecurity risk, and should be offboarded accordingly.
Remote work trends – a compounding risk factor
Beyond just offboarding concerns, employees across all industries are also demanding remote work flexibility from their employers. While adapting company culture to meet employee needs is a positive step, remote work may increase cybersecurity risks.
A hybrid workforce environment grants employees, using mobile and laptop devices, access to sensitive company data from unknown network environments with uncontrolled security posture. As companies modernize their IT service delivery strategies to keep up with these remote work trends, they must also stay 10 steps ahead in their security processes.
What should businesses do to mitigate risks associated with the evolving workforce?
It’s not enough for enterprises just to leverage an internal risk management strategy based on the assumption that in-office work is the default and remote work is the exception. Organizations need to evolve their strategy to address the new workforce paradigm and prioritize processes that deal with constant changes in the workforce population.
The following are best practices for establishing a secure on/offboarding process that mitigates the risks associated with the evolving workforce:
1. Leverage cloud PCs to keep control of your organization’s digital assets
Does it make sense to have a security strategy where each employee stores digital assets in their house? That is basically a laptop-first strategy. What if they don’t return the laptop?
Companies looking to maintain an agile and productive remote/hybrid work environment while also mitigating security risks should consider a cloud PC strategy that centralizes digital assets in the cloud. Some cloud PC platforms even make it possible to prevent any data from being stored or copied to the endpoint, reducing the risk of data theft or misuse.
Cloud PCs ultimately simplify the logistics of offboarding because there is one place to turn off access to digital assets. This strategy doesn’t rely on former employees to return hardware so companies can maintain control over data.
Cloud PCs make it possible to support a BYOD strategy with remote employees or contractors. When exploring cloud PC options, leaders should ensure the platform they select:
- Provides deep visualization of user connectivity, and the ability to terminate access to data and applications immediately in the event of a departure (or for any other security issue)
- Allows them to export relevant security data to their SIEM platform, which will extend security analysis to include end user activity
- Connects to HR/ITSM systems so offboarding is fully automated, leaving no chance of mistakes or gaps in processes between departments
2. Adopt a zero-trust IT strategy
Remote work may increase risks for IT, especially in relying on employees to do the right thing and keep the company resources safe. Basic common sense tells us that the less control an employer has over company resources, the higher the likelihood of a security incident. Similarly, having data extended across a massive number of devices, applications, and people substantially increases risk.
Adopting a zero-trust framework essentially means trusting no one – inside or outside the organization. With a zero-trust model in place, access is granted based on identity verification, rather than the outdated device-based access management method.
In making the switch to cloud PCs, organizations can quickly adopt a zero-trust framework. In this case, IT will have ultimate control without having to rely on employees to do the right thing. An effective zero-trust framework fosters a secure remote work environment by reducing IT risk to a level at or below what it was when all employees worked in the office.
Remote work is here to stay
Successful organizations will have evolved their organizational strategy to handle the new challenges of remote work and rising employee turnover rates by accounting for cybersecurity risks posed by past, present, and future employees.
Now is the time for leaders to formulate a comprehensive remote work and offboarding security plan that ensures data protection from every angle.
Source: https://www.helpnetsecurity.com/2022/03/23/workforce-cybersecurity/