The Great Resignation, a term coined by psychologist Anthony Klotz in 2021, has hit organisations around the globe. Triggered by the global pandemic, this phenomenon is set to continue, with swathes of workers leaving their jobs or switching careers due to a shift in priorities or values.
While retaining and attracting talent are often cited as the top challenges faced by organisations in the current quitting wave, the impact of the Great Resignation on IT has, so far, been overlooked. If left unaddressed, organisations are exposed to heightened cybersecurity risks that come with the turnover tsunami.
How the Great Resignation is impacting data security
With an unprecedented exodus of employees, it is no surprise that organisations are prioritising hiring and retention to close the talent gap. As such, data security gaps related to departing workers often fall by the wayside. In fact, according to Code42’s Data Exposure Report, employees had admitted to taking data from their previous employer to their new workplace.
Without putting proper processes for data handling in place, the consequences of data loss can be devastating, especially when malicious data exfiltration is at play. Organisations are vulnerable to data theft when departing employees abuse their rights by taking sensitive data out from the organisations, either for personal gain or sheer malice. Depending on their role and level of access to confidential information, the impact could be far-ranging, from recreating data sheets that had been deleted or tampered with, to financial losses when data had fallen in the hands of malicious insiders.
Overburdened IT teams
The Great Resignation has also hit IT teams, creating immense pressure for them to onboard new hires while balancing the need to offboard departing employees. This has inevitably resulted in lapses, such as keeping ex-employee email accounts active and allowing unrestricted access to company applications, devices, and servers. In such instances, these “ghost accounts” with login credentials belonging to ex-employees are a prime target of exploitation by hackers, exposing the organisations to cyberthreats such as ransomware.
The rise of hybrid working, rapid adoption of online collaboration tools, and its corresponding data sprawl, have further exacerbated the challenges faced by IT teams. According to a recent Veritas study, businesses are losing critical data as employees are too scared or embarrassed to report data loss or ransomware issues when using cloud applications such as Microsoft Office 365.
Because of this, IT teams are battling with issues of data loss and data security, given that employees are often the weakest link – with human error or negligence being a leading cause of data breaches. The reshuffling of employees has created additional complexity, as incoming workers might unknowingly introduce security vulnerabilities by using infected files that they had brought with them from their previous company. In other instances, data breaches and compliance lapses simply occur as new employees struggle to keep up with their current organisation’s cybersecurity processes and policies.
Tips to mitigate cybersecurity risks posed by the Great Resignation
The factors for the ongoing talent migration remain manifold. Even as the Great Resignation might have morphed into the Great Reshuffle, the employee-related challenges are not going away. Hence, it is critical for organisations to take proactive measures to mitigate the cybersecurity risks posed by both incoming and departing employees.
- Harnessing AI for data management
To regain control of their data and reduce cyber risks, organisations can eliminate the burden of human intervention from data management by harnessing AI and machine learning capabilities to detect security threats and continuously optimise operations. For instance, autonomous data management solutions powered by AI can now automatically initiate malware scanning to enhance ransomware resiliency.
By leveraging technology to autonomously provision, optimise, and repair data management services, organisations can reduce the need for more IT staff while complying with compliance regulations. IT teams can also consider using digital tools that would trigger automated workflows to wipe out data or repurpose hardware associated with departing employees for efficiency.
- Setting clear policies and processes for employees
Employees are at the crux of an organisation’s cybersecurity posture. With the rise of hybrid working where data is being created and stored across multiple end-user devices and cloud applications, it is more critical than ever for organisations to adopt good security hygiene.
Clear retention policies should be implemented to determine how long data should be retained for operational and compliance needs, and who has access to this data. Furthermore, such policies must also classify data storage according to tiers.
IT teams should be vigilant in maintaining a checklist to ensure that user accounts and access to company applications, devices, and servers for outgoing employees are revoked without any unnecessary delay.
- Employee education and communication are key
Businesses should train their employees on the policies and tools that are deployed on a regular basis. This will reduce any potential or accidental policy breaches, and ensure that employees know how to access and retrieve data that is lost, corrupted, or compromised in a timely manner. As employees are often the gateway to cyberattacks, encouraging team members to communicate openly on their defined roles, responsibilities, and access rights can help to avoid chaos and address any concerns regarding security protocols and procedures.
The new remote working landscape and the ongoing turnover tsunami are creating a perfect storm for insider threats. As businesses emerge from the global pandemic and plan for recovery, data security should never be an afterthought.
To bolster business resilience and stem the cyber risks associated with the talent migration, the best defence is a proactive approach to keep data and IT infrastructure safe and secure – bringing together the right people, processes, and technology.
