Light Dark
February 3, 2021 By Mike Elgan 3 min read
Risk Management
Security Services

A nimble organization needs to be ready for growth — and cuts. Sometimes business closure or shutting down a unit is needed, either as part of the evolution of a company, as part of a company’s growth via merger and acquisition, or as the result of restructuring or for some other reason, such as a loss of business from a pandemic. 

If business closure has to be done, do it right. Vital but often overlooked steps enable your organization to make the transition securely, safely and with minimal disruption to the rest of the business. 

It’s important to realize that business closure is a special cybersecurity event in the life of your organization for two reasons. First, the actions for doing it securely span the whole spectrum, including policy, access, partners, compliance and data destruction. Second, everything has to be done quickly and in the right order. That’s why cybersecurity in mergers and acquisitions comes into play, and why a security checklist is your friend. 

How to Navigate A Business Closure

The three parts of secure business closure are assess, disconnect and destroy.

Start with assessment when managing a business unit closure securely.

  • Conduct a detailed inventory of all hardware, software and services, as well as data and intellectual property accessible by employees inside the business unit. 
  • Determine who has access to what. 
  • Create an inventory of certificates, records, service accounts, backup processes and other areas where the business interacts on a data or authentication level with third parties. 
  • Track down all the shadow IT, including cloud services, both authorized and unauthorized. Check for installed apps to find shadow IT services they might access. Capture or delete all the relevant data retained by these services. 
  • Review all of the business unit’s contracts, checking for obligations and agreements. Seek out help from the legal department on this part. 
  • Determine which employees (if any) to retain and reassign, and which (if any) will be removed. 

Cybersecurity Best Practices for Business Closure: Disconnect

With all this data in hand, it’s time to start pulling the plug. Make sure the team thinks through the order of all this, and proceeds quickly but one step at a time. 

  • Make sure the key players know the schedule.
  • Choose a core, small group with privilege access within the business unit. They will help in the decommissioning process. 
  • For all other employees in the unit, revoke access to networks and other assets right away. 
  • Reclaim company devices.
  • Delete company data from online services before closing those accounts. 
  • Terminate any vendor deals that won’t be used in the future. 
  • Consider all related domains and their future, and be careful not to open them up to malicious actors. 
  • Work with the core business unit team to test and seek out remaining loose threads or existing access points. 
  • Terminate all remaining accounts and access. 

Destroy

After all the permissions are revoked, all accounts closed and all equipment shut down and gathered, it’s time to take the very important step of strategic data destruction to complete the unit or business closure. 

  • If you don’t have a data destruction policy or practice in place, develop one (you should have an updated policy anyway).
  • Pay attention to compliance needs in the destruction or archiving of data and inform everyone on the destruction team of the specifics. 
  • Identify which data-containing hardware will be repurposed and which will be destroyed. Follow best practices in this article for wiping, degaussing and physical destruction, being sure to end up with proper certificates of sanitization and documentation to satisfy compliance requirements. (In many cases this may involve recording video for devices as they’re being destroyed.) 

Stay Focused on People Throughout the Business Closure

Remember a business closure affects everyone involved. It’s not just about hard cybersecurity actions. It’s also about soft people skills. 

Communicate about the closure with honesty, transparency and compassion; do it early and often. Make sure all information relating to the change comes from the appropriate leadership, and not from the ‘grapevine,’ social media or news media. 

Prepare to support affected employees, whether they’re staying or leaving. Support the people remaining with access, training, information and guidance. And support the people leaving with whatever help they need to make the next transition in their lives. Treat everyone as a partner in the closure and transition. 

Note that this is not only good management, but it’s also good cybersecurity. A disgruntled former employee with an ax to grind is not going to benefit your goals to make a safe transition.

Business closure is a special and important cybersecurity event in the life of your organization. Make sure you do it with clear-headed planning, communication and thoroughness. 

 | 
Mike Elgan

More from Risk Management
April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature