With talks of inflation starting to dissipate a little bit, and while job growth here in the United States still seems to be rather robust, I’ve got to be honest and say that I am a bit surprised to see the total number of tech layoffs that have been happening here in the United States. Now, it is nothing like when the Great Recession happened, but it is still surprising when all you keep hearing about is the number of Cyber jobs that still need to be filled.
Whatever it is, I hope these people will find something that they are passionate about, and that it will take them to even higher levels.

However, given this trend, there is now a new Cybersecurity fear that is coming up. And that is, how will terminated employees react when they are let go? Meaning, is it possible that they could launch an Insider Attack, given all of the knowledge they have about their former employer (especially those that have worked in the IT Department)?

Put another way, how could one of these possibly disgruntled employees make an attempt to cause damage by stealing the datasets that they have worked years on? The probability in these cases is very real. Maybe this was not so much a problem a few years ago, but with companies now making the rush to the Cloud, these datasets are now becoming vulnerable to anything that is nefarious.
During the offboarding process, employees are normally asked to turn in their badges, laptops, and any other security tokens that they may have been given during the course of their tenure. But now this is a complex process, given that many people WFH, digital tools are performing some of the more mundane tasks, and there are contracted workers who could be dispersed worldwide.
Just consider some of these stats from a recent survey conducted by Oomnitza:

* 10% of the respondents have lost possession of their digital assets after they terminated an employee;
* 42% of the former employees try to break into the former employer’s Cloud deployments in order to try to heist some sort of PII dataset.

More details on this survey can be found at this link:
https://www.oomnitza.com/resources/2022-state-of-offboarding-process-automation/
So, all of this now filters down to this basic question: How can I have an offboarding program that will more or less guarantee that my former employee will not try to cause any harm? Here are some tips that you can follow:
1) Process Automation:
As mentioned earlier, whenever an employee left, the checklist used to be quite simple. But now it has become a complex process. Because of this, there have been advancements in the area of automation to make sure that not only has everything been returned, but all accounts, user profiles, and groups that this employee once belonged to are now either deleted or deactivated. This can be a good thing to have, because with so many rights and privileges being granted, the IT Security team can even forget to disable something. As a result, this can be a backdoor for the ex-employee to enter through. One such automation package that has been given great attention is what is known as “Enterprise Technology Management” solutions, or ETM for short. In these kinds of software packages, you can enter all of the user groups and profiles that each and every employee belongs to. So once an employee decides to quit or is terminated, all you have to do is enter the last day that they will work, and everything else is done automatically, in terms of deprovisioning all of the former employee’s accounts. In the end, nothing is left behind, thus leaving your environment reasonably safe and secure.
2) It takes a simultaneous approach:
Remember, employee termination now touches just about every department of a business, ranging not only from the IT Security team, but to HR, and even Finance/Accounting. Once it has been decided that there will be a mass layoff, or an employee gives their two-week notice of their intention to quit, all of these departments need to come together to make sure that all of their own digital assets will be safe. In terms of HR, they need to make sure that all of their employee records will be intact, and from the finance/accounting perspective, these departments need to make sure that all PII datasets (especially those that contain Social Security numbers and home addresses) will be secure as well. In other words, there needs to be some sort of policy between these three departments that will serve as a trigger point for simultaneous notification of an employee departure.
3) The need to have sound IAM policies:
IAM is an acronym that stands for “Identity & Access Management”. In short, this is an area of Cyber that stresses the need to make sure that all employee accounts, and their associated rights and permissions, are kept up to date at all times, and that any escalation in them requires a special review by the IT Security team. Also, a key aspect of this is the concept of “Least Privilege”. This simply means that all employees are given just enough access to what they need to support their everyday job tasks. This even includes the C-Suite and the Board of Directors. Nobody is immune to this rule, whatsoever!!! An effective IAM policy will trickle down to the ETM solution, as described previously, meaning there will be no need to do double the amount of work. It would be ideal if these systems could potentially “cross-talk” with one another in order to keep things updated on a real time basis.
4) Pay close attention to the Hybrid Cloud:
This is where the Public and Private Cloud deployments intersect with each other. In today’s world, many applications are being put into this kind of environment in order to save time on deciding exactly where else to put the SaaS applications. This simply means that some people will have access to certain apps, and some won’t. It is one thing if applications were being loaded up one at a time, but now the corporate world is finding itself deploying many of them all at once. With this comes the confusion as to who has access to what, which can lead to data leakage issues. Therefore, special attention needs to be given to the Hybrid Cloud if you are making use of one. I know that Microsoft Azure provides tools that you can use almost for free to help fortify your Hybrid Cloud.
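To make the "forgotten account" risk from tips 1 and 3 concrete, here is an added example (not from the original post and not any ETM vendor's code) that reconciles an HR roster against account inventories from several systems and reports anything left behind after the last working day. The roster, system names, and account records are constructed sample data, and the function name is hypothetical.

```python
from datetime import date

# Constructed HR feed: employee id -> last working day (None = still employed).
HR_ROSTER = {
    "e1001": None,
    "e1002": date(2023, 1, 13),
    "e1003": date(2023, 1, 20),
}

# Constructed account inventory exported from each system (names are hypothetical).
ACCOUNTS = [
    {"system": "directory", "account": "asmith", "owner": "e1001", "enabled": True, "groups": ["eng"]},
    {"system": "directory", "account": "bjones", "owner": "e1002", "enabled": False, "groups": ["finance-share"]},
    {"system": "cloud-storage", "account": "bjones@corp", "owner": "e1002", "enabled": True, "groups": ["data-readers"]},
    {"system": "vpn", "account": "cdoe", "owner": "e1003", "enabled": True, "groups": ["vpn-users"]},
    {"system": "crm", "account": "svc-report", "owner": None, "enabled": True, "groups": ["admins"]},
]

def find_offboarding_gaps(roster, accounts, today):
    """Return (system, account, reason) for accounts that deprovisioning missed."""
    findings = []
    for acct in accounts:
        owner = acct["owner"]
        if owner is None or owner not in roster:
            # No owner in HR: nothing will trigger its removal at offboarding time.
            if acct["enabled"]:
                findings.append((acct["system"], acct["account"], "enabled account with no owner in HR"))
            continue
        last_day = roster[owner]
        if last_day is None or last_day >= today:
            continue  # still employed, or the last working day has not passed yet
        if acct["enabled"]:
            days = (today - last_day).days
            findings.append((acct["system"], acct["account"], f"still enabled {days}d after last day"))
        elif acct["groups"]:
            # Disabled but still a group member: re-enabling restores all access.
            reason = "disabled but still in groups: " + ",".join(acct["groups"])
            findings.append((acct["system"], acct["account"], reason))
    return findings

if __name__ == "__main__":
    for finding in find_offboarding_gaps(HR_ROSTER, ACCOUNTS, date(2023, 1, 18)):
        print(*finding, sep=" | ")
```

Running a check like this on a schedule, independently of the tool that does the deprovisioning, is what catches the one system that was never wired into the automation.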
My Thoughts On This:
Letting go of an employee, for lack of a better term, sucks from both sides of the fence. If you are faced with this situation as a manager, you need to try to be as cordial and understanding as possible. You need to show empathy, and offer all means of support that are within your means, especially when it comes to severance packages, and reimbursing for unused vacation and PTO time.

Try to provide ways for your soon to be ex-employee to find another job.

Taking this kind of approach can prove to be just as fruitful in avoiding any subsequent security breaches as well. Also, keep an eye out for any malicious behavior for up to two weeks after the employee leaves your business. This is the peak time for Insider Attacks to happen, and according to a survey by Cyberhaven, 83% of rogue behavior occurs in this time span. More information about this can be seen here:
https://www.cyberhaven.com/blog/2022-insider-risk-report/
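The two-week watch described above can be run as a simple detection over access logs. This is an added example, not part of the original post: the log format, identities, and dates are constructed, and the function name is hypothetical. It reports every event by a departed identity after their last day and marks whether it falls inside the 14-day window; failed attempts are kept because an attempt is itself the signal.

```python
import re
from datetime import date, datetime

# Constructed departure list: identity -> last working day.
DEPARTED = {"bjones@corp": date(2023, 1, 13), "cdoe@corp": date(2022, 11, 30)}

# Constructed access-log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2023-01-12T16:40:02Z user=bjones@corp action=download result=success
2023-01-15T02:14:09Z user=bjones@corp action=login result=failure
2023-01-15T02:15:31Z user=bjones@corp action=login result=success
2023-01-16T09:00:00Z user=asmith@corp action=login result=success
2023-01-20T11:05:44Z user=cdoe@corp action=login result=failure
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) action=(\S+) result=(\S+)$")

def post_departure_events(log_text, departed, watch_days=14):
    """Return one alert per log event made by a departed identity after their last day."""
    alerts = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not parse instead of failing the whole run
        ts, user, action, result = match.groups()
        if user not in departed:
            continue
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        days_after = (when.date() - departed[user]).days
        if days_after < 1:
            continue  # activity on or before the last working day is expected
        alerts.append({
            "user": user,
            "action": action,
            "result": result,
            "days_after": days_after,
            "in_window": days_after <= watch_days,
        })
    return alerts

if __name__ == "__main__":
    for alert in post_departure_events(SAMPLE_LOG, DEPARTED):
        print(alert)
```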