The U.S. macroeconomic environment prompted large rounds of layoffs in the first quarter of 2023, which have affected sectors beyond tech, media, and retail.
According to the Ponemon Institute 2022 Cost of Insider Threats Global Report, 56% of insider incidents were due to negligence and 26% were perpetrated by criminal or malicious employees or authorized individuals. All companies must manage terminations, but downsizing initiatives stress the organization and its human capital in an acute way. Since threats associated with employee attrition span security disciplines, progressive companies use an integrated and proactive approach to reduce risk to corporate assets, brand reputation, and workforce safety.
Research shows that terminations can affect psychological coping mechanisms of certain employees, which can make them vulnerable and subsequently motivate them to act in malicious ways. In other cases, the human impact of layoffs can make some employees forgetful of standard security procedures. In advance of terminations, it pays to review security operations both for the employees being let go and those who will remain.
A ‘safety first’ approach during an employee termination or round of layoffs can minimize the impact of threats during these transitions and offset some of the emotions that run high in these situations.
Goals of a ‘Safety First’ Approach to Termination Events
Life-Safety—Protect employees from outbursts
Workplace Security—Control access to office environments
Data and IP Security—Safeguard networks and work product
Devices and Property—Secure assets that belong to the company
Threat Management—Monitor for threats after a termination or round of layoffs
For Departing Employees
Offboarding best practices include the following:
Handling terminations in person reduces the opportunity to set up “backdoors” to company systems.
By offering generous exit packages, some firms seek to reduce the trauma experienced by the departing employee, which is likely to reduce outbursts and insider events.
A streamlined process for securing key cards and credentials, along with laptops, cell phones and other corporate property, eases stress on everyone.
Exit interviews should reiterate the departing employee’s responsibility to maintain all aspects of the confidentiality agreement that was part of their hiring package.
Recognize that these employees are likely targets of bad actors seeking system access credentials or knowledge about the company’s inner workings, processes or product development. Exit packages could include tips to avoid phishing attacks and offer support to the employee if they are approached.
Should a company go through a round of layoffs or have a particularly contentious termination, it may be prudent to institute a threat management program where trained analysts monitor social networks, public websites, online forums, and the Dark Web to identify hostile content focused against the company or its leadership.
For Remaining Employees
Uncertainty about a restructuring or even the loss of a key employee in a department creates stress and can leave certain workers vulnerable to thinking in malicious ways. A clear communications plan is one of the best risk reduction strategies to help guide the transition for the remaining employees. There is an opportunity to offer reminders about office access and other security procedures so that the workplace remains a safe environment.
Check the security training curriculum to make sure it includes an Insider Threat component that offers ways to identify colleague burnout or other red flags.
Remember, employees are always targets for phishing and ransomware attackers. Security training should include clear guidelines on what to do if workers accidentally click on a malicious link.