We all know about the threat of threat actors trying to access our corporate data.  But with the rise of remote work, keeping an eye on employees during offboarding is an important area to watch, as well.

In many cases, employees can still access sensitive data well after they leave the job. This is even more noticeable when they logged in to corporate networks or tools every day while working at home. To prevent these insider threats, a thorough offboarding process is critical.

What Are the Risks?

You’re probably familiar with best practices for digital basics like passwords and general data protection. But sometimes, the most insidious issues arise from those processes we tend to forget about or for which we find ourselves unprepared. These risks can come from either employees in the office or remote workers.

The biggest risk brought about by inadequate offboarding is employees with access to sensitive data they should no longer be able to reach. Unhappy employees (or ex-employees) can do major damage. What if they take your confidential corporate data or intellectual property and sell it on the dark web? How would that affect your company’s brand or customer trust?

What if an employee still has access to servers or apps they could easily take down, resulting in a denial-of-service attack? You may catch on quickly, but every minute counts. What if an employee has access to personally identifiable information about your customers and other employees and chooses to exploit that data?

Especially in today’s stressful times, people’s behavior can be erratic. Getting your offboarding right is a big step in preventing these types of problems.

What About Remote Employees Specifically?

It’s important to recognize that with today’s remote workforce, offboarding tasks can easily be missed. While difficult, the process for offboarding remote employees should be consistent with any other employee.

One thing to watch out for here is employees with cloud or software-as-a-service accounts. Especially with remote employees, it may be easier to miss people with confidential or business-critical data associated with their cloud accounts.

When dealing with numerous remote employees with cloud accounts, you’ll want to ensure you’re on top of the user licensing. Licensing costs can add up. User access can become confusing and may pose a data risk.

Finally, if an in-person exit interview isn’t feasible, conducting the interview via web conference is highly recommended. The closer you get to a face-to-face interaction, the higher the chance of the employee leaving with a positive outlook of the company. Just because the employee is remote doesn’t mean their offboarding should be remote as well.

Basic Offboarding Checklist

The risks outlined above represent the bad news. The good news is an effective offboarding strategy doesn’t have to be complicated. If you properly plan your offboarding process and follow it to the letter, it can be very straightforward.

The best offboarding plans include a checklist that key departments and personnel, such as HR, IT or the security team, can follow. Consistent communication between key personnel is essential. In my experience, as a former security professional with the government, offboarding was a relatively frictionless process because our security team worked hand-in-hand with the IT department and HR department. When HR employees understand how security fits into the offboarding process, they can minimize some risk.

The most important elements to consider in your offboarding strategy include:

Conducting More Thorough Exit Interviews

You’re probably already conducting exit interviews, but are you using the conversations as an opportunity to reiterate the company’s strong stance on data protection? Are you taking the time to remind employees about the penalties for data theft?

Don’t be afraid to take a hard line on security, especially with remote employees. If you reinforce its importance, you can minimize damage. What’s more, treating employees with respect and dignity during the interview goes a long way.

Revoking Access

This is another step that is very likely on your offboarding checklist. You’ll want to disable the accounts right away but need to make sure they are also deleted in good time. If it’s a corporate account not tied to the employee, you’ll need to change the password ASAP.

The question is, do you have a detailed list of every part of the network the remote employee has access to? If access control is documented properly from the beginning and Identity and Access Management (IAM) is well-adopted in your organization, knowing who has access to what resource shouldn’t be a problem. If you handle onboarding and ongoing access properly, offboarding is so much simpler.

What Is Often Forgotten in the Offboarding Process?

Good Asset Management

Keeping an up-to-date inventory of all your assets and endpoints is always a great best practice. Do you have a good Unified Endpoint Management system? If you know what assets an outgoing remote employee has access to or has in their possession (like USB sticks, access fobs, etc.) it’s easier to recoup them when offboarding happens.

Consistent Communication Between Departments

When you’re about to offboard an employee, keep all key personnel that needs to know up to date. Poor communication between team members can cause confusion and rumors.

Timing is key here. What if HR knows that an employee will be let go but the IT or security team isn’t made aware in time? What if other employees start gossiping? This can happen through Slack as well as in an office. If the employee finds out before his or her access is revoked, even a few minutes of access to systems and resources can have serious consequences.

Monitoring for Odd Activity

IT personnel should look for suspicious movement or access leading up to the offboarding date, even if the employee is trustworthy and aware of what’s happening. Log and monitor what they do online at work, including internet activity, app usage, on-premises and remote logins, file transfers and email.

Proactive monitoring may sound draconian, but I’ve seen firsthand that pre-offboard monitoring can catch some problems before they start. Detecting breaches as they happen or preventing them from happening at all is always best.

Zero Trust During Offboarding

Employees should only have access to the devices, networks and resources they need to do their jobs. As such, organizations adopting the zero trust model will be ahead of the game to prevent breaches that result from poor offboarding. With zero trust, all users, devices, applications and processes are limited to the minimum privileges necessary to operate effectively and meet an organization’s digital defense needs.

If your organization has a solid grasp on which users have what access, knows which endpoints are active and secure, and doesn’t have to worry about users with too much access, offboarding a remote employee is simplified. Then you’ll know you’ve covered all your bases, even when it comes to remote personnel who don’t work for you anymore.

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…