Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity & Business Resilience

The Security Risk No One Talks About During Layoffs: Offboarding

By Chase Doelling
Round table

Arlington Research via Unsplash

June 10, 2025

In our current unpredictable economic environment, announcements of workforce reductions have become a frequent occurrence. Not only in the private sector but also across federal agencies such as the Department of Health and Human Services, the Department of the Treasury, and the Cybersecurity and Infrastructure Security Agency. While much attention rightly focuses on the human and operational impacts of layoffs, an important risk often remains unaddressed: security.

Organizations often devote considerable effort and coordination to onboarding new employees, provisioning appropriate access, delivering training on acceptable use, and implementing identity verification protocols. Yet, when those same employees depart, particularly during layoffs involving numerous people and tight timeframes, offboarding procedures are often inconsistent and haphazard. Processes may be manual and fragmented, communication between departments can falter, and overwhelmed IT teams are left scrambling to keep up.

This gap in process and priority creates a significant insider threat that is often overlooked but deserves much more scrutiny in the era of frequent workforce transitions.

Addressing the Insider Threat

Insider threats account for a notable portion of security incidents, whether those threats are the result of malicious intent or simple negligence. Nearly 90% of former employees maintain access to sensitive corporate systems and data after their departure. These lapses, such as former employees retaining access to sensitive systems put organizations at significant risk. The failure to promptly revoke access across any system or platform can lead to data breaches, regulatory non-compliance, and significant financial losses. This is usually not due to ill will, rather because identity and access management systems have not adapted to meet the urgency and complexity that modern offboarding demands.

In situations of mass layoffs, IT teams may receive lists of hundreds of employees to offboard with very limited notice. They are often required to deactivate accounts and revoke credentials within hours or even minutes. Without automated workflows and robust coordination across HR, IT, and security teams, the process of disabling access across all relevant platforms is a race against time. Human error in such circumstances is almost unavoidable, heightening the risk of insider threats.

Today’s hybrid work environment and cloud-based collaboration tools mean access is no longer confined to physical offices or corporate devices. It encompasses cloud applications, shared drives, software-as-a-service platforms, remote servers, and even third-party integrations. This broad attack surface demands timely and thorough access revocation to prevent insider threat vulnerabilities.

Why Offboarding Remains a Persistent Challenge

The complexity of offboarding lies in the accumulation of employee privileges over time. Staff members often acquire access to a wide range of resources, including financial data, customer records, proprietary code repositories, and executive communications. These privileges tend to be distributed across multiple systems and organizational silos. Without a centralized and current identity and access management framework, it is a daunting task to ensure access is comprehensively revoked in a timely manner.

This challenge has grown more complicated in recent years due to the rise of remote work and Bring Your Own Device (BYOD) policies. Simply reclaiming physical assets such as badges or laptops no longer guarantees the removal of all sensitive data access. Former employees may retain synchronized files on personal devices, stored passwords in browsers, or access to unmanaged applications.

Adding further complexity to this offboarding challenge is the issue of shadow IT. The use of unauthorized software, applications, and cloud services by employees without formal approval or oversight is constantly growing. Shadow IT proliferates outside the control of IT departments and often bypasses established security protocols and monitoring. When employees leave, their access to these unmonitored tools can persist, posing serious risks to data security and compliance. You can’t remove access if you didn’t know it existed. 

Effective Strategies to Address Offboarding Risks

To mitigate the risk of insider threats, especially in times of or in preparation for mass offboarding, organizations must elevate offboarding to the same level of priority and rigor as onboarding. The following strategic practices are critical to securing the offboarding process:

  1. Automation of Offboarding Procedures: Utilize identity and access management tools that integrate with your IT ecosystem to automatically revoke access and deactivate accounts as soon as an employee departs. Manual processes cannot keep pace with the velocity of modern workforce changes.
  2. Regular Access Reviews and Audits: Establish periodic reviews of user access privileges, with a particular focus on privileged accounts. This practice helps identify and remove outdated permissions for former employees and prevents unnecessary privilege accumulation among current staff.
  3. Cross-Department Collaboration: Ensure that human resources, IT, and security teams maintain clear and timely communication. A formalized offboarding workflow triggered immediately by employment status changes can reduce delays and avoid confusion during the deprovisioning process.

Leadership’s Role in Securing Workforce Transitions

Workforce changes are an unavoidable part of doing business, but organizations cannot afford to allow their security controls to lag behind these transitions. Incomplete or delayed offboarding is not merely a technical failure; it reflects broader leadership and governance shortcomings. Executive teams must promote a security-first culture that treats employee departures with the same level of discipline and care applied to onboarding.

As cyber threat actors become increasingly opportunistic and regulatory requirements surrounding data protection intensify, organizations must recognize that effective offboarding is foundational to a resilient security posture. It demonstrates an organization’s commitment to protecting its data, reputation, and long-term viability.

KEYWORDS: insider risk insider threats

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chase doelling headshot

Chase Doelling is Principal Strategist at JumpCloud. Image courtesy of Doelling 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • No TSA Security Video in Newark Air Breach; But What about Amtrak? No Screening

    See More
  • hcwebinar

    Webinar Review: Healthcare Official Talks about Reducing Global Threats at Hospitals

    See More
  • workplace-violence

    One Third of Large U.S. Newspapers Have Suffered Layoffs Since 2017

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • CASP.jpg.jpg

    CASP+ CompTIA Advanced Security Practitioner Certification All-In-One Exam Guide...

  • GSEC.jpg

    GSEC GIAC Security Essentials Certification All-In-One Exam Guide, 2E

See More Products

Events

View AllSubmit An Event
  • May 14, 2012

    Effective Risk Communication: Theory, Tools, and Practical Skills for Communicating about Risk

    Stay ahead of the curve by attending this in-depth program, featuring the latest scientific findings on risk perception, case studies from around the world, a suite of practical tools, and hands-on skill training.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!