Great resignation and relocation: facing the risk of managing cyber assets

The big quit is a big trend that poses significant challenges for organizations. Well-known impacts of the mass exodus of workers leaving their jobs include lost productivity due to understaffing and significant costs related to turnover, talent acquisition and training. A lesser-known but very significant impact relates to security vulnerabilities related to employee onboarding.

The fact is, major cybersecurity risks arise when offshoring IT processes aren’t effective at quickly cutting off access to corporate data and systems when employees leave. The problem is far from hypothetical, given industry research showing some 72% of employees admit to taking a certain amount of company data with them when they leave their job. And the threats are amplified as the number of offshoring instances increases under the Great Resignation.

The risks of insecure offshoring protocols include loss of IP address, increased vulnerability to cyberattacks, data privacy breaches, and compliance breaches and accompanying fines. Fortunately, a solid cyber-asset management plan to make offshoring safer can help minimize these risks through process improvements, better technology, and significant automation.

Offshoring creates IT and security challenges

From an IT perspective, the employee exit interview is the easiest part of offshoring. The biggest challenge is access management and the need for a quick and complete removal of future former employees’ access to systems and data.

Offshoring is one of the most challenging access management use cases involving complex cyber-asset management processes that must be optimized to ensure fast and secure offshoring across the entire IT estate.

Especially in the case of long-time employees or administrators, the relocated person may have had access to many different systems. The limited visibility of cyber assets can make it difficult to map all the permissions a former employee may have had in the first place, especially if the departure was sudden and uncooperative. Additionally, data and access may have involved multiple personal (BYOD) and corporate devices, making securing devices more complicated than simply returning physical corporate property.

Overall, offshoring processes may not be cross-functional enough to allow HR, IT, and business leaders to effectively collaborate around the timing and targeting of access removal. Unfortunately, these execution gaps allow risks to multiply with each passing minute or hour. Disgruntled ex-employees may be motivated to exfiltrate sensitive or valuable data. Even for amicable employee departures, continued access to company data or systems by non-employees represents a breach of data privacy, which can result in severe penalties and fines. breach of GDPR and other data privacy regulations.

An additional risk arises from orphaned accounts that are not closed and can be targeted by outside hackers for access and control. Recall the point above about how some long-time employees or administrators may have had sprawling access across systems. If an account like this isn’t shut down when the employee leaves, it becomes the holy grail for malicious actors who, depending on the nature of the orphaned account, can gain what could amount to super- user.

Learn more: 5-point checklist for fixing high-profile cybersecurity threats

Secure, scalable and automated offboarding

Given the range of challenges, the solution to integrating security must involve a comprehensive plan for managing cyber assets. To be effective, this plan must be comprehensive and include process improvement, technology enhancements, and automation.

From a process perspective, success relies on cross-disciplinary collaboration and the proactive involvement of the IT team on the timeline and cut-off targets. These transparent processes should be supported by well-orchestrated cyber asset management policies for notifications and alerts to affected stakeholders and systems. Robust cyber asset management protocols should also be in place for all SaaS-based systems to facilitate system actions and document those actions for compliance.

Remember that each instance of offboarding generates one or more IT tickets. So even if your staff and IT processes are strong, the large number of boarding tickets can lead to delays in execution. These backlogs represent risks since delays in closing a ticket can increase the time between an employee’s exit and when all access is complete. This is why automation is key to creating the cyber asset management playbook for offboarding.

Automation became essential to keep up with the extent of offshoring during the Great Resignation. Success requires implementing automation to handle the workload at scale, even if the processes are perfect. It’s not just because limited IT teams have to deal with a higher frequency of outsourcing instances; it’s also true that IT teams themselves can be smaller because, of course, technologists are also part of the big quit.

Workflow automation uses cyber asset management techniques to align processes with technologies and platforms that can easily scale them, such as when customizing a SasS-based tool with predefined knowledge containing optimized processes tailored specifically to the company. This helps to make the relocation process more efficient, secure and repeatable. Remember to make the scope of automation inclusive beyond just employees to include contractors, supply chain partners, or any other stakeholder who may have access to any part of your systems.

The Great Resignation shines a light on offshoring and highlights the need to secure and optimize the process of severing the ties between a departing employee and valuable company systems. Faced with these challenges, more and more organizations realize that secure and effective offboarding must be guided by a holistic, coherent and interdisciplinary plan strategically anchored in the management of cyber assets.

How do you think Can Employers Mitigate Offshoring Cybersecurity Risks Through Cyber ‚Äč‚ÄčAsset Management? Tell us about Facebook, Twitterand LinkedIn. We would love to hear from you!

LEARN MORE ABOUT CYBER RISK MANAGEMENT

Leave a Reply