The potential for an economic recession is raising cost-consciousness for organizations globally. It’s also changing how businesses should be thinking about security risks, especially insider threats that may result from layoffs. There are currently many heightened sensitivities to navigate as it relates to employee cutbacks—and understandably so—with organizations such as Tesla, Coinbase, and Compass making the tough decision to reduce staff over recent months.
The uncertainty and fear surrounding layoffs is a powerful driver of insider threats. However, there are ways for organizations to proactively mitigate security risks prior to and following layoffs, while being empathetic to current and prior employees. Here are some tips for how to do so.
Be Proactive to the Best of Your Ability & Prepare IT Teams Accordingly
Proactivity is critically important, given the human elements at play here and the natural reactions of individuals following such tough news. A few months ago, the DTEX i3 team assisted in an investigation of a biopharmaceutical organization, which unfortunately had to lay off 250+ employees. With the help of the DTEX i3 team, the company was able to think and act ahead of time to reduce cyber security risks. Specifically, the organization enforced device lockdowns on file uploads to personal webmail, file sharing sites, USB ports, etc. ahead of the layoffs, helping to curb a lot of the potential data loss that could have otherwise occurred after the layoff announcements.
Follow Through After the Fact, Understanding the Human Element at Play
Following the layoffs, the DTEX i3 team recognized an 80% increase in flight risk alerts due to employees who knew they were being laid off starting to look for replacement jobs, as well as some employees, who were not part of the layoffs, but feared for their jobs, looking as well. While this is understandable given the situation, it’s also a time when data is most likely to be exfiltrated before an employee departs. These small, but proactive measures ahead of delivering the news to team members had a large impact in preventing any successful exfiltration events from happening because of departing employees or nervous team members. Keeping a continuous eye on critical data and its movement within the organization proved to be essential to reduce security incidents and risk associated with this cutback.
How Workforce Cyber Intelligence & Security Can Help
For years now, we’ve been talking about the unprecedented times we’re in, which persist in different ways. In times like these, IT teams can feel overwhelmed and fatigued, given the impact to the organization and their colleagues with whom they may have personal relationships.
In the instance of the biopharmaceutical organization, DTEX was there to support the organization’s internal IT department. Through leveraging Workforce Cyber Intelligence & Security, a new approach to enterprise data collection and analysis, the organization understood how, when, why, where and for how long employees interacted with data, machines, applications, and their peers as they performed their job responsibilities following the announcement. With these insights, the combined IT team effectively translated real-time telemetry about human activities, behaviors and communications for immediate insights into security challenges, employee engagement, and more to protect critical data during such a difficult time.
DTEX is committed to helping its customers by protecting their crown jewels during times of need. Interested in getting in touch with us to learn more? We’re here for you.