Skip to main content

Back to Blog

Avoiding Insider Threats When Layoffs Occur

As layoffs continue in the tech sector, organizations need to be aware of insider threats associated with workforce reductions.

As Josh Horwitz writes for Spicework, layoffs can have unexpected results, especially in times of financial concern. Insider threat incidents can have lasting repercussions, and have increased in frequency by 44% in the last two years, according to the Ponemon Institute. The cost per incident is also now up to a whopping $15.8 million.

Insider threats are a category of cyber attack, but they aren’t always based on the actions of a vengeful ex-employee. While revenge may be a factor, personal gain is more likely. Headlines threaten an ongoing recession and LinkedIn is full of unsuccessful job hunters, so it’s not surprising that some people, when laid off, will take what they can to help themselves out of a bind. This may include proprietary tools, data, or material they could use to either impress or bribe a future employer.

The other source of insider threats is less sinister, but just as concerning. Companies frequently forget to observe their own policies when it comes to protecting their systems and data when they lay off a group of employees. Through plain old negligence, organizational secrets can remain unprotected for weeks and months.

Whatever industry your company is involved with, there are some tips you can use to navigate tricky layoff conditions while protecting your business.

1. Lock down permissions and access

Before a layoff is triggered, there needs to be an integrated plan between Human Resources, the board, management heads, and the security team. As soon as communications go out to the employees being laid off, their access needs to be terminated as swiftly as possible. This goes for both physical and digital materials, from access to a building or certain rooms all the way to access to specific files or networks. After employees return their devices, all of them should be wiped.

Additionally, accounts should be deactivated (which may be easier with SSO systems)…and then there should be an auditing process. Actions must be taken quickly and in a systematic way to ensure that no employee is left with lingering access to sensitive material.

2. Review all file sharing possibilities

When a layoff occurs, emotions run hot. Employees may react by sharing company data or taking key material with them by uploading it to cloud storage accounts, file-sharing sites, or even USB drives. To mitigate this, companies may want to use an endpoint agent to enforce lockdowns on the uploads of company data, before even announcing the layoff. Continuing to audit file sharing after the layoff has been made is also crucial.

3. Strict password policies

It might seem simple, but changing system passwords post layoff is an exceedingly important step to ensure organization safety. Not only will it help prevent potentially angry ex-employees from accessing materials, it will also help prevent future breaches. Due to the rampant issue of password reuse, it’s quite likely that employees have used the same passwords at their job as they have for their bank accounts, personal email addresses, and who knows what else. Threat actors are wise to this and frequently use compromised credentials to access organizational networks.

With the uncertain job market leading to increased layoffs, organizations of all sizes and sectors must remain vigilant against insider threats. By prioritizing cybersecurity, companies can protect their data, employees, and customers during these challenging times and in the future.