The Cybersecurity Risks of Improper Employee Offboarding: Why HR and IT Should Work Together 

In an earlier article, we reported on a cyberattack of a water treatment plant in Oldsmar, Florida. Unfortunately, cyberattacks against utility providers are far from rare. In March 2019, a water treatment plant in Post Rock Water District, Ellsworth, Kansas was hacked. This incident was different from the one in Oldsmar. Here, the hack was perpetrated by a former employee. Wyatt Travnichek, who worked at the plant the previous year, was able to access one of the organization’s computers remotely and shut down the cleaning and disinfecting procedures of the plant. 

How was this even possible? Well, Travnichek was required to access the plant’s computers remotely during his employment in order to monitor operations. However, his access was not revoked following his resignation. This is just one example of the dangers of not protecting organizational data when offboarding employees. Unfortunately, incidents like these are all too common. 

What are the risks of improper offboarding? 

In today’s world, where most data is stored online, former employees could cause major damage if their access is not regulated after their termination or resignation.  

• On average, 50% of organizational data was stored in the cloud in 2020, and that number will likely only increase. If former employees have access to the cloud, they have access to all this information. 
• 53% of organizations give all employees access to at least 1,000 confidential files, according to a 2019 study.
• 89% of employees still have access to sensitive information long after they leave an organization. 
• You can’t exclude high-level employees from this equation – 72% of CEOs claim to have stolen important intellectual property from their former employers.  

Apart from data loss, improper offboarding can also result in compliance violations, confidentiality breaches, unplanned spending, and ruined reputations. 

What steps your organization must take when setting up an offboarding policy

So you’ve considered the risks, but what steps should you take to ensure that your organization is not leaving itself vulnerable to cyberattacks by former employees? 

HR and IT must work together when creating offboarding plans so that all the correct safety precautions are taken and all parties are aware of them. Here’s how can you make proper offboarding a priority: 

1. Monitor employee activity. If you have an automatic system that monitors employees’ online habits related to work, you are more likely to catch any suspicious activities and a potential breach before they occur.
2. Always conduct an exit interview. This will ensure that there is time for all the security measures to be taken before the employee leaves for the last time. These steps should include deleting the employee’s company account, returning organizational devices, and revoking their user access to all company software. 
3. Disable data sharing methods. Check that each account and access the employee had is now revoked – for example, emails – so that the employee cannot send data to a third party before their access is revoked. At the same time, set up automatic forwarding so any emails or voicemails sent to the employees’ accounts are forwarded to the right person within your organization.
4. Immediately revoke access to all organizational files and applications. This might be a given, but the sooner you revoke access to information, the less chance there is that it will be used improperly.
5. Reset all passwords as soon as possible. Even if you get all of the organization’s devices back, without changing passwords, the former employee might still access organizational data. This is especially important with BYOD being so prevalent in the workplace because you can’t just assume that an employee has not accessed work-related accounts on their personal devices. 
6. Reassign the employee license to someone else. This will save on expenditures since you will not have to create a whole new account for a new employee. Make sure that the account is in use and the new user will notice if it is being utilized by someone else.
7. End the employment positively wherever possible. If an employee leaves with a good feeling, they are less likely to want to harm your organization.

Offboarding employees safely is no small task, even before cybersecurity is considered, but having a standardized set of practices will mitigate the risk of cyberattacks and make sure you are not caught off guard. No matter why an employee steals data, it doesn’t change the outcome. Your organization’s data safety is paramount to your employees, patients, customers, and citizens, so ensure that anyone leaving is at the same place they started – without access to any of your data.