Companies should evolve their cybersecurity strategy in light of the Great Resignation
While the obvious challenge of the Great Resignation is increasing labor shortages, the phenomenon now poses a critical risk to another important aspect of the workforce: cybersecurity. With a record number of employees around the world abruptly leaving their jobs, companies are now faced with the larger task of ensuring that the door is securely closed behind former employees, who may still have access to the digital assets of company after their last day.
Why is offshoring a security threat?
Today’s relocation processes can leave former employees with continued access to sensitive digital assets – a huge liability for their former employers. As most companies and executives know, not all employees leave on good terms, and recovering company hardware assets, which can store sensitive information, can often be a challenge.
A recent report found that 83% of employees continued to access their former employer’s accounts after leaving the company. Additionally, 56% of employees used their ongoing digital access to harm their former employer. Some staff members may intentionally retaliate against their former employer; some may exploit valuable intellectual property to impress potential rival employers; and some may even accidentally disclose sensitive information.
The transition to remote working has only made it easier for attacks or just mistakes like these to occur. Malicious or not, every former employee can pose a significant cybersecurity risk and should be relocated accordingly.
Trends in remote working – an aggravating risk factor
Beyond simple offshoring issues, employees across industries are also demanding remote work flexibility from their employers. While adapting company culture to employee needs is a positive step, working remotely can increase cybersecurity risks.
A hybrid work environment allows employees, using mobile devices and laptops, to access sensitive corporate data from unfamiliar network environments with an unchecked security posture. As companies modernize their IT service delivery strategies to keep up with these remote working trends, they also need to stay 10 steps ahead in their security processes.
What should companies do to mitigate the risks associated with the changing workforce?
It is not enough for companies to leverage an internal risk management strategy based on the assumption that working in the office is the default and working remotely is the exception. Organizations need to evolve their strategy to respond to the new workforce paradigm and prioritize processes to deal with the constant shifts in the workforce.
Here are best practices for establishing a secure onboarding/leaving process that mitigates the risks associated with changing workforces:
1. Leverage cloud PCs to stay in control of your organization’s digital assets
Does it make sense to have a security policy where every employee stores digital assets in their house? This is basically a laptop-centric strategy. What if they don’t return the laptop?
Companies looking to maintain an agile and productive remote/hybrid work environment while mitigating security risks should consider a cloud PC strategy that centralizes digital assets in the cloud. Some cloud PC platforms even allow preventing data from being stored or copied on the device, reducing the risk of data theft or misuse.
Cloud PCs ultimately simplify the logistics of offshoring, as there is a single place to turn off access to digital assets. This strategy does not rely on former employees to return the hardware so that companies can maintain control over the data.
Cloud PCs make it possible to support a BYOD strategy with remote employees or contractors. When exploring cloud PC options, executives should ensure that the platform they choose:
Provides in-depth visualization of user connectivity and the ability to immediately terminate access to data and applications in the event of departure (or any other security issue)
Allows them to export relevant security data to their SIEM platform, which will extend security analysis to include end-user activity
Connects to HR/ITSM systems so offshoring is fully automated, leaving no chance of errors or process gaps between departments
2. Adopt a zero-trust IT strategy
Remote work can increase IT risks, especially relying on employees to do the right thing and keep company resources secure. Basic common sense tells us that the less control an employer has over company resources, the greater the likelihood of a security incident. Likewise, spanning data across huge numbers of devices, apps, and people greatly increases the risks.
Adopting a zero-trust framework essentially means not trusting anyone – inside or outside the organization. With a zero-trust model in place, access is granted based on identity verification, rather than the outdated method of device-based access management.
By moving to cloud PCs, organizations can quickly adopt a zero-trust framework. In this case, IT will have ultimate control without having to rely on employees to do the right thing. An effective zero-trust framework promotes a secure remote work environment by reducing IT risk to an equal or lower level when all employees were working in the office.
Remote work is here to stay
Successful organizations will have evolved their organizational strategy to meet the new challenges of remote working and increased employee turnover by considering the cybersecurity risks posed by past, present and future employees.
Now is the time for leaders to formulate a comprehensive security plan for remote work and offshoring that ensures data protection from every angle.