Security breaches are at an all-time high, with Australia ranking the worst in the world for data breaches – 22 hacked every minute. 

It’s not just customer and client data but also employee data. Over 77,000 Uber employees had their private information leaked last year, and this is just one of a slew of data breaches in recent memory. While some data breaches were the result of hacking, it’s in fact employees who are the number one cause of leaking data, whether it be through negligence, malice, or ignorance. Company data is especially vulnerable to leaks and breaches at the time of offboarding.

Offboarding is the separation process that occurs at the end of an employee’s tenure at a company. This process is done to ensure a smooth transition and that all necessary tasks are completed by the employer and employee. Offboarding is a vulnerable time for company data and assets. Whether it be the returning of keys for a retail store, work laptops, or the closure of work email accounts, removing access to the company physically and electronically are necessary steps that need to be undertaken to protect your organisation.

It’s crucial to remain vigilant in the protection of your company’s data throughout all stages of the employee lifecycle. It’s important to recognise that, yes, you should be securing data during offboarding, but to do that effectively, you need procedures and protections in place throughout the whole employee lifecycle. This can be achieved by following these recommendations:

 

1. Collaborate with HR & Legal

Collaboration is crucial, not just for developing an offboarding plan but also an onboarding one. Both need to be tightly controlled to keep information safe. As HR is usually the first to know if someone is leaving or joining the company, IT must work with them. This sometimes begins even before the onboarding of a new employee, such as during the recruitment process. In 2022, the burger chain Five Guys had the personally identifiable information (PII) of people who applied to work at the company stolen by cyber attackers in a “smash-and-grab” operation.

It’s crucial for the two departments to work together to create a secure process that minimises the likelihood of breaches. In this plan, they should identify the necessary programs for the different departments. This information is valuable to IT, as it will be helpful for setting up accounts and being able to easily remove access following offboarding.

 

2. I.T. Asset, Software and Data Management

The devices used by employees can also represent a weakness for a company’s network, since they are a gateway to that network. A good endpoint management tool is essential to avoid potential threats: it allows you to identify the user of each device and track the status of updates and attack attempts. If you have a hybrid working model it’s crucial to have lists for both remote and onsite devices. While a bit tedious, it will save you a lot of time at the offboarding stage or when reviewing company inventory. IT asset management isn’t just for physical items, though; it also includes virtual ones!

Trying to find and keep track of materials can be tricky, and especially so when it’s digital. With so many different programs and software, it’s easy to get overwhelmed. Keeping a log of the programs that are used and by whom can save you a lot of time when it comes to offboarding. It can also save your company money! Asset management isn’t just about knowing which programs are being used but also evaluating their effectiveness, updating them, and even unsubscribing from the service altogether. Mapping software usage and regularly consulting with heads of departments about the programs they are using is crucial to the effectiveness of asset management. 

Controlling data and software access is also a key step in data protection. Give each department access to what it needs and no more. Does the _______ department really need access to that software? Do they really need the all-access version of it? Asking yourself these questions can significantly reduce the potential of sensitive data being accessed by others in the company. With your company’s cloud, you should separate the departments and ensure that they can’t access one another’s folders and files. Data access must always be based on the need-to-know and least-privilege principles.

 

3. Deprovisioning

Deprovisioning is the act of removing access to accounts. This occurs during offboarding and, in some cases, even following a transfer within the company. This is not only for security, but also to limit the number of licences and reduce costs (because some have tiered subscriptions that increase based on how many accounts you have). Additionally, this reduces the chance of having “orphaned” accounts, which are accounts that don’t have a user but may have sensitive information about the previous owner (the employee).

This is especially important because, if the website or program concerned stores personal data or suffers its own data breach, your former employee shouldn’t be affected, as their account will already be closed. Additionally, orphaned accounts are attractive to hackers, and they can be used to provide access to your company’s internal systems without you being alerted.
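One way to catch accounts that deprovisioning missed is to reconcile HR’s roster against each application’s account export. The script below is an added example, not part of the original article; the CSV column names and all sample records are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data; column names and values are assumptions.
HR_ROSTER = """employee_id,email,department,end_date
1001,ana@example.com,Finance,
1002,ben@example.com,Sales,2024-03-15
1003,chloe@example.com,IT,2024-06-30
"""

ACCOUNTS = """app,login,status,licensed
crm,ben@example.com,active,yes
crm,ana@example.com,active,yes
wiki,chloe@example.com,active,no
wiki,old-intern@example.com,active,yes
crm,chloe@example.com,disabled,no
"""

def audit_accounts(hr_csv, accounts_csv, today):
    """Return active accounts that should have been deprovisioned."""
    roster = {}
    for row in csv.DictReader(io.StringIO(hr_csv)):
        end = date.fromisoformat(row["end_date"]) if row["end_date"] else None
        roster[row["email"].strip().lower()] = end
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["status"] != "active":
            continue  # already deprovisioned
        login = acct["login"].strip().lower()
        if login not in roster:
            reason = "orphaned: no matching HR record"
        elif roster[login] is not None and roster[login] < today:
            reason = f"owner left on {roster[login].isoformat()}"
        else:
            continue  # current employee
        findings.append({"app": acct["app"], "login": login, "reason": reason,
                         "licensed": acct["licensed"] == "yes"})
    return findings

def reclaimable_licences(findings):
    """Count paid seats freed by closing the flagged accounts."""
    return sum(1 for f in findings if f["licensed"])

if __name__ == "__main__":
    results = audit_accounts(HR_ROSTER, ACCOUNTS, date(2024, 7, 15))
    for f in results:
        print(f"{f['app']:5} {f['login']:25} {f['reason']}")
    print("Licences to reclaim:", reclaimable_licences(results))
```

Run against real exports on a schedule, the same comparison gives IT a list of accounts to close and seats to release.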

 

4. Security Review

Auditing your company’s security is a preventative measure to identify potential risks and threats. It’s also a great way to evaluate your current and outdated systems and can provide insight into gaps or potential upgrades that are needed to protect your system. Ideally, this should be conducted at least twice a year.

 

5. Consider What Software You’re Introducing

Integrating new programs into the corporate environment can also represent a risk. While the latest program or software on the market might look cool, you need to consider:

  • Does it meet a need? 
  • Does it comply with security norms and standards (ISO, SOC, GDPR, etc.)?
  • Can this program integrate well and safely with our other programs?

Integration is especially important. It will cause more inconvenience in the future if you choose a program without considering its ability to connect with other systems. Technology should be making processes simpler, not more difficult. Having your software connected will simplify deprovisioning and save your IT team valuable time.

 

Data security is crucial. It requires cooperation and collaboration between IT, HR, and Legal to ensure that information is protected and is contained within the organisation. Failing to do so could subject your company to lawsuits, corporate espionage, and loss of trust with your stakeholders, among other consequences. Being proactive and preventative is key to protecting your company.

 

About the Author:

With a postgraduate degree in engineering, majoring in IT and industrial engineering, Eudes undertook internships that reaffirmed his interest in the digital space and, more specifically, digital transformation within companies. He started his career at a business consulting and services company in France, where he was a consultant helping organisations of all sizes and across various sectors with their digital transformation projects.
Read more about Eudes Grasset.