March 16, 2022
Quitters. They’re everywhere. At least this is true concerning the Great Resignation where, in the past few years, millions have quit their jobs to seek out higher pay or better employment. In January 2022 alone, the U.S. Department of Labor reports that nearly 4.3 million left their jobs and the trend is expected to continue. According to Joblist’s 2022 Job Market Trends Report, three out of four full-time employees are planning to quit this year.
Access Not Granted
Maybe you are one of the quitters, or maybe you are one of those staying put who is also charged with making sure your company’s data stays put too. If you are worried that former employees may still know how to access company infrastructure, you’re in good company—nearly 60% of IT and security professionals are concerned about this. Those respondents were part of a recent survey for the State of Infrastructure Access and Security which focused on the Great Resignation, access issues, and the complexity of today’s environments. Especially troubling is that 83% of the respondents couldn’t guarantee that former employees can no longer access their infrastructure.
Chances are that your organization has a pretty comprehensive onboarding process for new employees and, hopefully, that includes cybersecurity training. But what about offboarding? And if you do have a process, when is the last time it was updated? Here are some suggestions to make sure that you cover your bases—referring to data and assets, of course—when someone at your company calls it quits.
1. Revoke access to company assets, even if the employee left on good terms. This means changing any passwords that might exist, disabling or deleting employee accounts, and removing their email addresses from any correspondence lists. You should audit all systems to make sure they do not have access that isn’t documented. Also, don’t forget the phone system and voicemail codes. The increase in remote work makes this even more important since employees have likely gained access to data and applications from their personal devices.
2. Remove third-party accounts, such as applications that contain company data, including apps like Salesforce, Hubspot, and company social media accounts.
3. Factory reset devices. First, confirm that all the company devices the employee was assigned are returned—cellphones, laptops, etc.—and then upload necessary files to the cloud prior to restoring the devices to factory settings. Be aware that malware can hide in devices a long time before attacking and, typically, a factory reset can remove any viruses or malware. A good recommendation is to quarantine any files removed from the devices to be analyzed by your security team.
Detailed documentation, cross training, and personnel assessments play a major role in protecting company assets, especially if an employee makes a sudden departure. In fact, all these procedures should be routinely conducted long before an employee gives any hint to leaving. Knowing each employee’s responsibilities and their documentation process goes a long way in preventing chaos that could turn into security threats.
Don’t get caught by surprise if the Great Resignation affects your organization. Let us help you prepare for it or get through it. We won’t quit when it comes to protecting your data.
Contact the HIPAA experts at PrivaPlan today. Email firstname.lastname@example.org or call 877-218-7707.