Cybersecurity, physical security checklist for employee offboarding

When the “Great Resignation” took the world by surprise in early 2021, we hoped it would be a short-lived movement. More than a year later, though, it seems to be the exact opposite — a lasting trend disrupting businesses across industries. A recent report from Joblist details the mass exodus experienced late last year: “After 4.4 million workers quit their jobs in September and another 4.2 million quit in October, a record 4.5 million left their jobs in November.” The report also reveals that 74% of full-time employees and 51% of part-time employees plan to quit their jobs this year.

With employees leaving their jobs at unprecedented rates, how can already overtaxed security teams keep up with offboarding them securely? The key lies in developing and executing an optimal combination of cybersecurity and physical security best practices. To get you started, here are four steps to follow once an employee gives their notice, so you can offboard them securely while reducing enterprise risk throughout the process.

1. Be reasonable during the offboarding process.

Professionals in cybersecurity and physical security have a high degree of integrity and respect confidentiality, or they would not be in their chosen professions. With this in mind, when an employee resigns — regardless of the circumstances — follow your industry’s strict code of ethics and make the offboarding process as painless as possible. You want employees to leave in a positive manner for two reasons: 1) to protect brand reputation and 2) to minimize any future revenge attacks.

2. Prioritize account deactivation.

From a cybersecurity perspective, make sure to change the password of any group or shared accounts the employee may have used or seen in the course of their work. Pay close attention to software as a service (SaaS)-related accounts that may not be part of identity and access management (IAM) automation processes. These accounts should be addressed simultaneously with the notification of the employee’s intent to leave the company.

From a physical security standpoint, deactivate access control badges and retrieve them, if possible, to prevent the ex-employee from using it as a visual tool to social engineer their way back into the facility. Be sure to deactivate any biometric access codes, as well as system passwords and application passwords to physical security solutions, such as video surveillance systems. Lastly, retrieve any physical keys, if appropriate.

3. Have a communication plan that updates existing employees and key third-party partners.

Having a detailed communication process to let employees and third-party partners know about personnel leaving the company will prevent panic and rumors about the employee’s departure.

Additionally, alerting these stakeholders will minimize the potential of a departing employee social engineering their way into gaining access into the company or disrupting your supply chain. If IT support or help desk personnel, security operations center teams, or building lobby guards do not know that an employee is no longer with the company, they may not question the request for granting access back into the facility or restoring network access. The same situation holds true with trusted third-party partners with whom the terminated employee worked. If partners don’t know the employee has left, they will continue operating as usual, without questioning communications and requests.

4. Make sure no back doors or trojan horses are left behind in production systems and software.

If there are any suspicions or concerns from a cybersecurity perspective, conduct an assessment (threat hunt) and pay close attention to perimeter access points. This step is of particular relevance if it’s a cybersecurity professional leaving the company, because they’ll know about vulnerabilities from prior security reports.

Former employees can be just as dangerous as external bad actors, which is why it’s important to take offboarding seriously. And, this means keeping the human element in the process rather than relying on automation to take care of everything. Software and other technologies change quickly, and if the security team isn’t periodically checking to make sure things are working as they should, security risks can slip through the cracks.

It’s this combination of automation and humans that will help you establish a secure offboarding process, so even if departing employees might cause talent shortages, they aren’t adding security risks to the list of business challenges, too.

Brian Wrozek is a seasoned cybersecurity executive with more than 20 years of experience in IT and information security and management. As CISO at Optiv Security, Wrozek oversees all corporate security functions including cyber operations, incident response, vulnerability management and security governance activities.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.