Reducing The Risk Of Insider Threats While Offboarding Employees
Human Resources

Reducing The Risk Of Insider Threats While Offboarding Employees

There’s a certain type of data loss that presents a unique challenge to the HR department- insider threats. Although it accounts for a small percentage of total data breaches, the damage done by an insider is far more detrimental to an organization because of the privileged and intimate access employees have to company data and systems. The time immediately preceding an employee’s departure is the most threatening—with 70% of intellectual property being taken within 90 days of an employee’s resignation. 

In order to minimize insider threats while offboarding employees the HR department must work to establish an employee departure protocol that keeps data loss prevention in mind. Following some or all of the steps listed below helps combat the exodus of company data that too often happens when employees end their time with a company. 

Create an Offboarding Checklist with IT & Managers

Protecting against insider threats while offboarding employees securely isn’t the job of a single department. Although HR may direct the process, working together with IT and the employee’s department manager ensures all bases are covered to eliminate the threat of unauthorized access after an employee departs. While IT works to make sure the employee access to company accounts, servers and networks is deactivated, direct managers and supervisors ensure the company data and information an employee worked with on a daily basis is handed over before their last day. Collaborating with managers and IT to create a data security offboarding checklist ensures no stone is left unturned as an employee exits the company. 

By working with other departments to figure out how to best protect enterprise data during offboarding, HR also has the opportunity to ensure data practices are in line with company policies and regulation compliant. Say you’re working together with IT and department managers to plan the offboarding checklist and discover one department has been transferring data to their personal devices, against company policy. This noncompliance may have gone undetected otherwise and can be corrected.  

The Costs of Data Loss Every Business Owner Needs To Know

Immediately Deprovision Access After Departure

While this specific duty will most likely fall to the IT department, it’s up to the HR department to make sure it’s followed through. More often than not employee access remains intact after an employee moves on from the company. After exiting a company,  89% of employees reported they were able to access sensitive company data well after they left. This unlocked door is a data security threat in more ways than one. Not only does this invite former employees to access and take privileged information after their tenure, it provides hackers with additional, unmaintained entry points vulnerable to a brute-force attack. The process in which employees are granted access during onboarding should be mirrored in an offboarding process that deletes account access immediately after their departure. 

Announce Employee Departure to Relevant Parties

Employee departures are not always advertised, especially depending on the circumstances surrounding their exit. From a data security standpoint however, informing the coworkers, vendors and clients of an employee departure is a necessary step to end the flow of data to the employee’s accounts. While deprovisioning ends an employee’s access to their company accounts, alerting those who worked closely with the employee takes those employee accounts out of the data distribution circle. This way, if a former employee does manage to access their email or cloud account after they step away from the company there won’t be any new privileged company data there for them to discover. Alerting necessary parties of a departure during the offboarding process can aid your recruitment efforts in addition to being a security measure too since it lets staff and clients know there will soon be a new position to fill. 

Audit User Access & Data to Limit Exposure

During an employee’s time at a company, they slowly gain access to more and more files. The expanding data permissions employees accumulate during their time as at a company is called access creep. To minimize insider threat created by access creep during offboarding, HR can perform data audits to ensure the granted permissions are still necessary and up to date. Auditing data access allowances outside of offboarding employees is a good practice in general. Staying on top of data access controls helps limit access which makes the data more secure but also keeps the company’s data handling practices compliant as data limitation is a pillar of many privacy regulations. In this way, access audits minimize the chance of a malicious internal actor exfiltrating data and help the company avoid costly fines for incompliant practices. With 72% of employees admitting to taking company data when they go, these audits can provide insight into whether or not employees are accessing data needlessly upon their exit, ie- looking for data to take.

Monitor Suspicious Activity with DLP Endpoint Surveillance

The 2020 Insider Threat Report revealed 52% of company respondents feel it’s harder to detect and prevent an insider data attack due to the privileged permissions and access employees have. This especially becomes a problem in the weeks leading up to an employee’s departure. Employees, whether leaving on good or bad terms, may be looking to take company data with them before they leave. Data loss prevention and employee monitoring software provide a low-maintenance solution to that problem. Such applications are installed on employees machines and track the use of data in-motion and in-use. Through this software, HR departments can set rules and alerts for certain data handling behaviors such as attaching files to an email addressed outside of the company or visiting unauthorized websites. When employees violate the rules and engage in suspicious behavior on their systems, administrators are notified in real time. Using such a software has an added bonus for HR too. Not only does employee surveillance software monitor employees’ data behavior, it also collects employee performance and productivity data. 

Prevent Data Loss With TeramindReduce Your Risk Of Insider Threats And Prevent Data Loss with Teramind

Update Login Credentials for Shared Sign-ins

Sometimes individual employee logins are bypassed for the sake of convenience. Although this might make access easier during working hours, it creates yet another unprotected access point when an employee with shared login information departs the company. It’s crucial shared login information is changed upon an employee’s departure. Regularly changing login information is a suggested practice to minimize the risk of a hack but updating login information becomes that much more important after an employee exits a company. 

Deactivate Mobile App Access From Personal Devices

While organizations may limit the devices employees may use to complete work, some personal devices like smartphones and tablets often get a pass. Access to company data from these devices is frequently overlooked during offboarding and unintentionally allows former employees to continue to access data. To ensure company data is protected against exfiltration from this access point, all access to work accounts and mobile apps must be deprovisioned upon an employee’s departure. Employees often use their personal devices to access email and messaging apps like Slack and the Information stored on these apps like company files or invoices may still be cached in the app. Deprovisioning accounts across all applications is necessary to minimize the risk of an insider threats while offboarding employees. 


Protecting data against loss is always crucial but becomes particularly critical to protect data against insider threats while offboarding employees. As employees exit a company, their privileged access paired with their imminent departure make them a proven high-risk threat to the security of company data. Protecting against this threat with a thorough data security driven offboarding process helps defend against the loss of data during this vulnerable period of an employee’s lifecycle. Implementing the necessary changes to prevent data loss during offboarding can defend against other insider threats too. Through monitoring data usage and access, HR is positioned to become a front line defender against any insider threat.

Build A Culture With Purpose With Teramind

HR leaders know that the work they do adds strategic value but with so much on their plates, productivity, on-the-job learning and employee retention can get pushed aside. Take steps to engage your workforce and curate a culture that thrives. With Teramind, you can capture all types of user activity and behavior data that can be leveraged to promote a productive culture and more.

But don’t just take our word for it…

Leave a Reply

Your email address will not be published.