How The Great Resignation Brought About More Insider Threats and What to Do About It
The 2020s have seen shifting tides in workplace culture, human resource (HR) management, and the job force. What also came about was the Great Resignation, which increased job turnover stemmed from the global pandemic.
The Great Resignation, much like the economic downturns of the 2020s, is greatly impacting the workforce in numerous unknown and trackable ways. One impact is the rise of insider threats.
Here’s how the shifting workplace and the Great Resignation are encouraging insider threats and what businesses can do about it:
What is the Great Resignation?
Also referred to as the Big Quit and the Great Reshuffle, the Great Resignation refers to the trend where employees voluntarily resigned from their jobs starting in 2021 due to the COVID-19 pandemic.
There are many estimated reasons for this trend, including wage stagnation, the rising cost of living, job dissatisfaction, a desire to work remotely, and safety concerns due to the pandemic.
While the Great Resignation is believed to have recouped some of its losses and resignation rates have declined, it still calls to concern several warnings for the job force, including concerns around job satisfaction and company security.
Why the Great Resignation is Impacting Company Security
The COVID-19 pandemic, the increase in work-from-home and remote working, and the Great Resignation have all impacted the integrity of previously set up company security systems. No longer are employees relying on the strong network security implemented from the top down; instead, employers are having to deal with new security threats on a daily basis, far quicker than ever before.
Company security requires a company security team, including members of the IT department or a security/IT managed service, to continually check for security vulnerabilities, set up strong security systems, and monitor employee and insider behavior to prevent cyber threats. Unfortunately, though, with the shifting in macroeconomics, the landscape for company security and protection has changed drastically. For example, now with more employees working at home, businesses are needing to employ remote security options or rely on their employees’ personal networks for business security.
The Great Resignation has brought in new employees at alarming rates, in particular, due to the turnover and staff shortages. And the employees who leave are less likely to be vetted to ensure company security.
Surveys suggest that a lot of departing employees end up taking their data with them when they leave a job, whether on purpose or by accident, and many use this data in their new job. These stats suggest that employees are more than willing to steal your company data for personal gain and risk a threat to your company’s security.
Understanding Employee Turnover and Intentional and Unintentional Insider Threats
Insider threats are believed to cause a large majority of company security risks. Insider threats refer to the intentional or unintentional leveraging of human workers to hack inside a company to obtain their network security access, sensitive company files, important credentials, and more.
What’s important about this conversation is that not all employees or former employees are intentionally seeking to steal data, make data vulnerable, or use it for personal gain. Also known as negligent insider threats, some employees, third-party partners, and former employees accidentally open up vulnerabilities. These actually make up two out of three insider threat incidents.
The fact that a large population in the US voluntarily left their jobs for the Great Resignation suggests that the number of insider threats caused by leaving employees increased significantly. And we see this reflected in statistics that suggest insider threats have risen 47% in the past two years.
Whether these employees weren’t properly offboarded, they unintentionally took data, or they intentionally took data – each employee is a new opportunity for an insider threat to occur.
Additionally, with new hires that were needed during the Great Resignation, a number of new employees were brought on in a rushed capacity. This could mean that the employees were less likely to be vetted by all the required personnel, were given too much access before their trust could be established, and the likelihood that they ended up leaving the job could have also increased, therefore increasing the number of insider threats once again.
While what happened in the past with the Great Resignation cannot be changed, companies can set policies and improve employee tracking software to prevent this high amount of insider threats from happening again.
Taking a Step Back: Fixing Security Issues Stemmed by the Great Resignation
While the security concerns brought about by the Great Resignation cannot be undone, companies can look back at what was done to rectify the situation. Here are some steps companies can take to fix security issues stemming from the Great Resignation:
Revisit Offboarding Policies
Companies should implement onboarding and offboarding policies and procedures to optimize people management and security. These sets of policies are typically required for security certifications, like the SOC I and SOC II certifications as they show that a company has taken the time to remove the credentials, data, and access points for old employees.
This eliminates the chance of that employee using those credentials again or of someone tapping into an existing network through this old data.
Offboarding policies should include:
- Removing the employees’ access to all software, computer hardware, and company networks
- Revoking access controls
- Disabling, archiving, and/or removing credentials from the employees
- Wiping or securely archiving and encrypting any sensitive personal data the company has on that employee
Assess Employee Satisfaction
Poor employee satisfaction can contribute to employees leaving and taking sensitive data with them. Therefore, it’s important to assess your employee’s overall satisfaction (before they leave) so that you a) can address issues of company culture and b) can revoke data access prior to it becoming an issue.
Disgruntled employees create insider risk scenarios as malicious threat actors. Therefore, it’s best to know that you have disgruntled employees and do something about it, rather than find out later that your employees stole your data or created an escalated security breach.
In addition to employee satisfaction surveys, implement an exit survey for every departing employee. An exit survey will tell you exactly why your employees left; it can also kickstart your offboarding process while giving you essential information about the employee. You can then use this data for improving employee retention in the future.
Implement Employee Tracking Software
Tracking software is one of the best ways to understand employee behavior and provide data protection. You can use tracking software for managing time, person productivity, project progression, and insider threats. Some of this software can provide the metrics you need to do it all, and improve company security on top of that.
Looking at software like SoftActivity, you can track your user’s behavior, assess their time tracking and calendar, look at the software and applications they used, read their messages, and see when and where they move data. SoftActivity employee monitoring software increases data visibility so that you can clearly see what’s going on with your data and mitigate insider risks when they come up.
With high turnover brought on by the Great Resignation, more companies are experiencing higher rates of data exposure. In high-risk industries, like the healthcare industry or the public sector, this means that sensitive company data is being made more vulnerable more often.
Set up a Remote or Hybrid Security Plan
For companies who have had to move to remote or hybrid environments, it’s important to have a hybrid/remote security plan in place, as well as specific policies for these employees. What’s most important in this plan is employee tracking software.
Without one, team managers will have no clue as to their company behavior and whether or not your worker is risking your company’s cybersecurity.
Employee tracking software will give insight into the internal mobility of data even in remote settings, while also allowing for the flexibility and benefits that remote hiring brings about.
Reassess Employee Access Hierarchies
Not every employee should have access to all sensitive company data. Therefore, reassess your company access hierarchies for data security.
Even if you are an employer at a small company, start to characterize the types of roles within your company and work with your security team and IT team to designate job roles in software for restricting access and for credential authorization.
Monitoring Insider Threats Throughout Economic Turnovers
Most likely, businesses are still struggling to keep up with the economic turnover experience throughout the Great Resignation. The shift in mindset brought on by the Great Resignation may indicate that companies are more likely to spend more money on employee turnover.
Security leaders shudder at the thought of the type of security risk opportunities that can increase with a revolving door approach to workplace security. That’s why companies should do everything they can to stem employee resignation rates, including improving the employee experience and revising their job openings.
Work with security professionals for insider threat intelligence, stopping insider attacks before they get worse, and removing opportunities for data theft to occur.
By SoftActivity Team.