According to a new Tessian survey “How the Great Resignation is Creating More Security Challenges,” 71 percent of IT leaders believe the “Great Resignation” has increased security risks in their companies. According to the survey, 45 percent of IT leaders have witnessed an increase in data exfiltration in the last year, as employees took data with them when they left their jobs. In fact, 29 percent of employees admitted to taking data with them when they left their jobs.
As many people leave jobs and others are hired to replace them, it is a nightmare for talent and HR, but it’s also a nightmare for IT security teams, since the job-switching trend poses serious data security risks. Organizations must now, more than ever, examine how to manage sensitive data handled by employees as they leave the company, take on new positions, or fill staffing gaps.
Keeping track of offboarding
Addressing these issues can be a difficult task. The need to offboard employees securely and quickly is the most pressing challenge that IT and cybersecurity teams face in the current environment. Inventorying any systems that departing employees have access to will be required, and document ownership may need to be transferred to other personnel. Access to tools, apps, and databases will need to be disabled, which is especially important if the person had a senior role with privileged access to data and systems. Passwords that have been shared will need to be reset as well.
Also Read: The Significance of Data Destruction for Data Security
Securing hardware and data migration
Personal devices may have been used to access company applications, making data management and access removal a necessary but time-consuming task. Laptops and other company equipment must also be returned and reset. Some employees may use cloud services to store data, which will need moving that data to a different account or platform. It may appear to be easier to simply keep paying for the account, but this would most certainly result in a monthly fee and an administrative hassle in the future.
Devices need to be reset to factory settings
If an organization supplies mobiles or laptops, security teams must return the device to factory settings after uploading any relevant files to the cloud. Malware can hide in devices for months or even years before launching an attack, and there’s no way of knowing what the former employee downloaded. Viruses and malware are usually removed by doing a factory reset, unless they infected the data rather than the system.
It’s good practise to put the files that security teams take off these devices in quarantine before mixing them with other company documents, giving them time to assess them for threats.
Also Read: Managing Identities and Entitlements to Mitigate Cloud Security Risks
Retaining institutional knowledge
The tremendous impact of Great Resignation is also having a significant impact on cybersecurity teams, who are already overburdened as a result of the shift to remote work, and are now losing their teams members as well. When security professionals depart, they frequently take institutional knowledge with them, requiring teams to re-learn or re-establish crucial processes. Worse, teams may be left to carry out legacy security processes without understanding the why or how they are carried out.
Through extensive process documentation, staff assessments, and cross-training, leaders must seek to ensure that institutional knowledge is retained. They must know what each employee is responsible for and who could take over in the event that they were to quit unexpectedly. Otherwise, when it happens, they’ll be leaving their company susceptible to security risks. Data loss prevention (DLP) software, along with training and documentation, can help in the retention of institutional knowledge.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
