The Danger of Employees Shadow-Integrating With Cloud Apps On Your Behalf
Many employees are now shadow-integrating using unsanctioned cloud applications. Similar to Shadow IT (read more about Shadow IT here), employees...
We’ve all experienced or facilitated the process when a company onboards you (as an employee) or you (as an employer) are onboarding a new employee.
Offboarding, on the other hand, has a significant risk to the business if done improperly. Failure to completely outboard could allow former employees to maintain access to secure networks, confidential information, and sensitive company data. Access to this type of information opens companies to unnecessary data breach risk.
Offboarding is typically handled by company leadership (employee’s boss) and the Human Resource department. If it’s a less than cordial departure, the Legal Department may be involved. Cybersecurity and a company’s IT security team are often afterthoughts not traditionally included as a key part of offboarding. While HR may take away an employee’s computer, badge, and key access, employees may still know passwords and other access points to a company’s network.
In all offboarding processes, the IT security team should be looped in to ensure the proper removal of an employee’s access to the network.
What exactly do we mean by access to the network? What specific areas need to be addressed in the offboarding process? Let’s break it down.
In short, the security of your network depends on proper offboarding. While it’s true that most people have good intentions–and most former employees, if left with access credentials, would neither remember nor care–proper offboarding addresses the security gap for those employees that do not have good intentions. By leaving former employees with network access credentials, your organization can quickly lose security and control of your network. Former employees with ill will towards the organization hold power to access the network with malicious intentions or for their personal benefit. As long as former employees maintain access to the network, they are considered a threat by your IT security team.
Finally, we’ll leave you with this: a 2020 Insider Threat Report by Cybersecurity Insiders found that a single cybersecurity incident by an insider (i.e., someone who continues to have network privileges after leaving) will cost a company $750,000 in total including investigation, response, and remediation. Therefore, the report found that the most significant risk to an organization is those individuals that maintain insider access after offboarding.
Need help with proper employee offboarding from an IT perspective? PK Tech is here to help your business maintain optimal IT security. Contact us here.
Many employees are now shadow-integrating using unsanctioned cloud applications. Similar to Shadow IT (read more about Shadow IT here), employees...
With a call for social distancing to fight the spread of the COVID-19 virus across the United States and globally, it’s likely your business is...
Cybersecurity Series | Part 1 Simple Employee Precautions for Your Small Business Educating employees about cybersecurity can start small and simple....