New Research Warns About Weak Offboarding Management and Insider Risks

A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.

Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for departing employees introduces serious insider threats, leaving a company vulnerable to multiple kinds of risks, such as data breaches, intellectual property theft, and regulatory non-compliance.

Today, where SaaS applications are easily onboarded and are commonly used by users within and beyond the organization, effective offboarding procedures are non-negotiable to prevent instances of data leaks and other cybersecurity issues. Let’s explore insider risk management and user offboarding in more detail, looking at their security risks and discussing best practices for ensuring a secure organization.

Firstly, The Security Risks of Mass Layoffs

In the first half of 2024, a wave of mass layoffs continued, affecting over 80,000 tech employees. When layoffs happen this quickly and at scale, it can be even harder to offboard and effectively remove access, especially considering that the average employee uses 29 different SaaS applications.

Offboarding is usually a team effort involving IT, HR, and other departmental managers. Without clear roles and consistent processes, mistakes can slip through the cracks, leaving organizations open to having their sensitive information leaked or compromised. Considering the pace and frequency of staff turnover, offboarding will remain a priority for security teams as they manage risk and compliance.

Time Wasted on Manual Offboarding

Revoking access manually across multiple platforms and apps can be a time-consuming hassle. That’s why automating SaaS security has become crucial. When it comes to access reviews for ensuring and proving that only relevant users have proper file and data access, the complexity and time involved to manually do this process can burden organizations. Without streamlined systems or automated SaaS security software in place, organizations remain exposed to a degree of insider risks while also struggling to prove their compliance efforts.

Four****Risks of Poor Offboarding Practices

Proper offboarding is essential for managing the lifecycle of employees and mitigating insider risk, whether from carelessness or bad intentions. It ensures that when employees leave the company, they no longer have access to company assets. Failing to properly offboard employees who are leaving the organization can lead to huge risks.

1 - Data Breaches

If former employees or contractors are not promptly removed from the company’s systems, apps, and networks, they might retain access to sensitive data. This poses serious risks to the confidentiality, integrity, and availability of that data. Disgruntled ex-employees or those who inadvertently retain access could expose, alter, or delete critical business data, customer information, financial records, or trade secrets. For example, a former mobile payment company employee downloaded reports containing the personal information of U.S. users, potentially affecting 8 million people. Such incidents can lead to significant financial losses, reputational damage, and legal issues for the company.

2 - Compliance Violations

Weak or manual offboarding processes can also lead to compliance violations, especially in regulated industries like healthcare, finance, and government. These industries have strict rules about data privacy, information security, and access control. Not removing access privileges and ex-employees from authorized user lists can result in not meeting these regulations - resulting in big fines, penalties, legal issues, and harm to reputation and credibility.

Financial industry companies doing business with New York consumers are subject to strict regulations regarding data security. In the event of a data breach that exposes Non-Public Information (NPI), these companies must not only identify the issue, but also notify the New York Department of Financial Services (NY-DFS) within 72 hours of discovery, as mandated by NY-DFS Cybersecurity Requirements. A major title insurance company in the U.S. was found violating NY-DFS regulations by failing to implement proper access controls and security measures, resulting in a $1 million penalty and an agreement to implement remedial measures for securing consumer data.

3 - Insider Threats

When employees are not properly offboarded, they pose potential insider threats, whether deliberate or accidental. Former employees retaining access to sensitive systems and data might seek to disrupt operations, steal information, or compromise business processes, as exemplified by the case of two Tesla ex-employees who leaked data of 75,000 users to a German media outlet. Even when unintended, retaining access after departure can inadvertently expose sensitive information or create vulnerabilities. Detecting and addressing insider threats is challenging, underscoring the importance of thorough offboarding procedures and vigilant monitoring of suspicious behaviors surrounding an employee’s departure.

4 - Intellectual Property Theft

Wing Security research alarmingly reveals that 43% of businesses may have ex-employees who can still access organizational code repositories on GitHub or GitLab. Poor offboarding can also lead to code exposure and intellectual property theft. If ex-employees aren’t quickly removed from systems and repositories while possessing access to proprietary info, trade secrets, source code, or confidential research and other company data, they might still access and misuse this valuable intellectual property. This could lead to big financial losses, competitive disadvantages, and legal issues for the company.

Automation Best Practices

Using automation in SaaS Security Posture Management (SSPM) is a simple and effective method for consistent and thorough offboarding. Automation not only makes it easier to revoke access across multiple SaaS apps, but also saves a lot of time, frees up resources, and reduces the risks of manual mistakes and oversights.

Automation also helps streamline the tracking of permissions and data sharing, which can be especially tricky, especially when figuring out all the access given before an employee leaves, quickly. Knowing what data has been shared by whom, and with what permissions, is crucial for keeping data secure.

A critical access hospital in Colorado paid $111,400 for a HIPAA violation after a former employee retained access to a scheduling calendar with 557 patients’ protected health information even after termination. Had automated processes been in place to detect and revoke the ex-employee’s access promptly upon separation, this improper access and compliance penalty could have potentially been avoided.

Automation also relieves the heavy administration often required for regular audits and compliance reporting. The risk of unknown lingering access, after someone leaves, is such a concerning threat that policies require systems in place to detect it. Continuous monitoring and a few simple automations can quickly identify and remove access after offboarding, to implement best practices.

By not having strong offboarding processes, companies leave themselves open to a range of risks that can have serious consequences for their operations, reputation, and finances. Proper offboarding protocols are essential to mitigate these risks and protect the company’s critical assets and information.

To learn more about how Wing uses automation to speed up and ease Insider Risk Management, read more here.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.