Page 68 - Cyber Defense eMagazine August 2024
P. 68
However they occur, the impact of these insider incidents cannot be overstated. Per a recent report, the
average cost of an insider risk event has skyrocketed to $16.2 million in recent years. Working proactively
to prevent these events needs to be a central part of any comprehensive security plan.
Businesses know this — many are already taking serious measures to prevent insider incidents. But
surprisingly, in all of these discussions, one crucial component of the frontline worker lifecycle has
continued to go largely under-discussed: the importance of offboarding.
Why offboarding matters
For many businesses, offboarding is an afterthought — a matter of sorting out paperwork and adjusting
the payroll. In fact, optimized offboarding experiences can be just as central to your business' overall
health as optimized onboarding experiences — and are perhaps even more critical when it comes to
insider risk reduction.
Again, a substantial proportion of insider risk events have little to do with active malice on the part of
employees (current or former) and more to do with inadequate security protocols. Phishing attacks, for
instance, are continually on the rise, and without adequate training, any employee — current or former
— is potentially susceptible. For example, a hacker can easily pose as someone from your company and
ask for sensitive information like old passwords.
How can employers prevent this from happening? First and foremost, organizations need to consider the
employee’s entire lifecycle and take time to thoroughly remove a departing employee's access to private
company data and communications channels. This process is significantly easier for companies that have
already taken steps to digitize their frontline workforce. After that, they need to engage in comprehensive
post-departure security training. That means ensuring your departing employee knows they will not be
contacting them for personal information down the line and that they should forward any such fraud
attempts to HR. The benefits of this approach are manifold. Beyond keeping your company’s sensitive
information safe and secure, hands-on offboarding ensures your employee leaves with a positive
impression of the company. This can go a long way towards preventing threat events that are intentional.
Optimizing the offboarding process
Right now, HR personnel are more stressed than ever — and the offboarding process only compounds
that stress. A departing employee, after all, needs to be replaced — and finding the right employee for
an open position is perhaps the most challenging part of the job. Juggling the demands of the hiring
process with the million micro-tasks of the offboarding process is a recipe for disaster, with HR personnel
(understandably) struggling to stay on top of the requisite tasks.
Crucial paperwork often goes unfiled, access controls stay unchanged, and departure protocols are
neglected. This is not a reflection on HR personnel, who are doing their best in a tough workplace.
However, this situation isn't sustainable and ignoring it has serious implications for insider risk.
Cyber Defense eMagazine – August 2024 Edition 68
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
