Three years after I left my former job, I got an official letter telling me the organization suffered a data breach. My personal information was at risk of identity theft. I shouldn’t have been surprised. That job’s offboarding process hadn’t been the best. For years after leaving, I had access to my email and to databases filled with sensitive data. While the cause of this data breach was never revealed, it could have very well been a former employee with a grudge, someone who had the same easy access I did. 

Employee offboarding policy and process are usually handled by human resources and the employee's managers. Legal may get involved if something nefarious is happening. IT and cybersecurity are an afterthought, if decision-makers consider them at all. Even if you take away the former employee's physical access, the keys and the badge, they may still be able to log in to the network, putting the company at risk of a data breach and in violation of privacy regulations.

Before an employee goes through the final offboarding process with HR, IT and security teams should already be revoking the outgoing employee's network and account access.

Why Deleting a Former Employee’s Digital Profile Matters

The vast majority of people are good. When they leave a company — or move from one department to another — they have little interest in looking back at the offboarding process. They may not even notice they might still have access. Maybe they’ll look to see if they still have email access, but only to see if there is something important they may have missed.

But, not everyone is a good person. People will leave with bridges burned, some looking for revenge and some wanting to steal intellectual property. As long as that former employee has access to the network and data due to poorly secured offboarding, they are an insider threat.

According to the 2020 Insider Threat Report by Cybersecurity Insiders, 63% of respondents said those with privileged access pose the greatest risk to the organization. A single incident caused by an insider (or someone who continues to have the privileges of an insider) costs a company $750,000 in total, including investigation, response and remediation, according to the Ponemon Institute.

Good Offboarding Helps Your Organization Overall 

Continued access, however, is only one threat to the organization's security posture. Keeping data about former employees mixed in with data about current employees adds to the risk and cost of any breach. Chances are, too, that former employees' data is not siloed in one location but dispersed across the company in multiple databases and files.

Is all that information necessary? Rather than keeping only what they need and deleting the rest, many organizations let data linger indefinitely. With data privacy regulations and compliance obligations, organizations need a better assessment of, and better security over, old data. Offboarding should include closing any cloud accounts the former employee used, after transferring anything that must be retained, so the company is no longer charged for them and the data doesn't linger in the open.

The former employee needs to hold up their end, too. They should delete any company apps on personal devices right away. An app that is never updated and never logged out of may still hold cached credentials or tokens, and an infected personal device then has a path into the corporate infrastructure. Don't rely on the employee alone for this: revoke the app's tokens and sessions on the server side and, where a mobile device management tool is in place, wipe the corporate data remotely.

Create an Employee Offboarding Process

Your organization’s HR department likely has an offboarding process. That process should include IT and security personnel from the very beginning. Their role in the offboarding process should begin as soon as notice is given or as plans are in place to terminate an employee. IT and security should work together to create a checklist of their offboarding responsibilities, which should include the following:

1. Create an inventory of the employee's digital life in the company. There should be a record of every company device in the employee's possession, every account they have access to, any admin permissions and responsibilities, and any shared or service accounts whose credentials they know. The more that is known about the employee's digital footprint, the easier it will be to delete it.

2. Set deadlines. Working with the employee’s manager, IT can set up specific times to delete access to accounts or have devices returned. At this point, the employee should only be able to access the data they are currently using to finish up projects. Also, begin to revoke software licenses for the outgoing user.

3. Audit what the user does. Security should watch the outgoing employee's network activity, compared with their normal baseline, to make sure they aren't downloading a high volume of files or moving them to personal cloud storage.

4. Deploy a data management solution that can easily silo employee data that must be retained.

5. Delete the employee’s access before they leave the building for the last time. Whether it is during the exit interview or the goodbye party, access to email, software, cloud services, apps and other digital properties should be removed.

6. Create a thorough list of digital devices to make sure everything has been recovered.

7. Shut access to any apps on personal devices.

8. Change passwords and revoke sessions. Rotate the passwords of any shared or service accounts the employee knew, revoke their active sessions, API keys and SSH keys (changing a password does not always invalidate existing sessions), and set up forwarding for email and voicemail.

9. Use a zero trust model for security. Once the person leaves, security should adopt a zero trust model (if it isn't used already) as part of the offboarding process, and treat any attempt to log in with the former employee's credentials as a potential threat that requires action.
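The notice-period audit in step 3 and the post-revocation rule in step 9 can both be checked from an access log. The script below is an added example, not code from the original article or from any product it mentions: it parses a constructed log (not real data), flags bulk downloads and uploads to personal cloud storage by the departing user during the notice period, and reports every login attempt, successful or failed, at or after the revocation deadline. The log format, the user names, the list of personal cloud domains, the dates and the byte threshold are all assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts user action args")

# Constructed sample access log (not real data).
# Fields: timestamp user action detail [bytes]
SAMPLE_LOG = """\
2024-03-01T09:12:00 jdoe login ok
2024-03-01T09:20:00 jdoe download /shared/finance/q1.xlsx 1200000
2024-03-01T09:21:00 jdoe download /shared/finance/q2.xlsx 1300000
2024-03-01T09:22:00 jdoe download /shared/finance/q3.xlsx 1400000
2024-03-01T09:23:00 jdoe upload drive.google.com 3800000
2024-03-01T10:00:00 asmith download /shared/hr/handbook.pdf 500000
2024-03-01T10:05:00 asmith upload sharepoint.example.com 500000
2024-03-05T08:00:00 jdoe login ok
2024-03-05T22:15:00 jdoe login ok
2024-03-06T01:05:00 jdoe login failed
"""

# Assumed list of consumer cloud-storage domains. A real deployment would
# maintain this list (or use a CASB category) rather than hard-code it.
PERSONAL_CLOUD_DOMAINS = {"drive.google.com", "dropbox.com",
                          "icloud.com", "onedrive.live.com"}


def parse_log(text):
    """Parse the constructed log format into Event records sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, *args = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, action, args))
    return sorted(events, key=lambda e: e.ts)


def audit_departing_user(events, user, notice_start, revoke_at,
                         window=timedelta(hours=1), byte_threshold=3_000_000):
    """Return alerts for one departing user.

    bulk_download:          downloads inside `window` totalling at least
                            byte_threshold during the notice period (step 3)
    cloud_upload:           uploads to personal cloud domains in that period
    post_revocation_login:  any login attempt, successful or not, at or
                            after revoke_at (step 9: every attempt is a threat)
    """
    alerts = {"bulk_download": [], "cloud_upload": [], "post_revocation_login": []}
    mine = [e for e in events if e.user == user]
    notice = [e for e in mine if notice_start <= e.ts < revoke_at]

    # Sliding window over downloads; report the first window crossing the threshold.
    downloads = [e for e in notice if e.action == "download"]
    for i, first in enumerate(downloads):
        total, count = 0, 0
        for e in downloads[i:]:
            if e.ts - first.ts > window:
                break
            total += int(e.args[1])
            count += 1
        if total >= byte_threshold:
            alerts["bulk_download"].append(
                f"{count} files / {total} bytes within {window} starting {first.ts.isoformat()}")
            break

    for e in notice:
        if e.action == "upload" and e.args[0] in PERSONAL_CLOUD_DOMAINS:
            alerts["cloud_upload"].append(
                f"{e.args[1]} bytes to {e.args[0]} at {e.ts.isoformat()}")

    # After the deadline there is no legitimate reason for the account to log in.
    for e in mine:
        if e.action == "login" and e.ts >= revoke_at:
            alerts["post_revocation_login"].append(
                f"login {e.args[0]} at {e.ts.isoformat()}")
    return alerts


def run_sample(user="jdoe"):
    """Run the audit over the constructed log with assumed notice/revocation dates."""
    return audit_departing_user(parse_log(SAMPLE_LOG), user,
                                notice_start=datetime(2024, 3, 1),
                                revoke_at=datetime(2024, 3, 5, 17, 0))


if __name__ == "__main__":
    for kind, items in run_sample().items():
        for item in items:
            print(f"[{kind}] {item}")
```

For the departing user the script reports one bulk-download window (three finance spreadsheets in three minutes), one upload to a personal cloud domain, and two login attempts after the 17:00 revocation deadline, one of which succeeded: that successful login is exactly the residual access the checklist is meant to eliminate. The same run for a colleague who is not leaving produces no alerts, which is the baseline comparison step 3 calls for.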

Close the Door Behind You 

Good offboarding is like closing the door of a safe. Doing at least some of these things should help make sure your employees don’t end up in the same position I did. An employee should leave the company with the exact same amount of digital access with which they arrived — none.
