There are plenty of reasons why you should work to retain employees as long as they’re being reasonably productive and contributing to the bottom line. The main reason is that it’s really costly, in both time and money, to replace folks who have left.
This is something all business owners know, just like they know that no matter how much they try to retain people, there will still be turnover. But too many business owners neglect the elevated risk of insider threats that are related to employee turnover. And all too often they leave themselves more vulnerable to these risks than necessary.
What are insider threats?
Insider threats are a pretty broad category of threat, as we discussed in this post. But here we’ll focus only on insider threats that arise when people within an organization misuse their access privileges in a way that causes harm. Turnover amplifies these risks, as access privileges and sensitive knowledge can walk out the door — or worse, get misused before someone officially leaves.
Real-world examples
Let’s look at some eye-opening cases that highlight the risks:
In each of these cases, the common denominator was a trusted employee whose departure became a trigger for potential disaster. For a more detailed look at another example, check out this post.
Why turnover creates risks
Departing employees know your systems, processes and data flows better than almost anyone. They may still have access to critical accounts for hours, days or weeks after announcing their departure. In some cases, they might harbor resentments or simply overlook protocols, leading to accidental or intentional data leaks.
How to minimize insider threats
There are practical steps every organization can take. Here’s how to dial down risk when employees leave:
- Immediately revoke system access once an employee’s departure is confirmed. Modern zero-trust access control systems like those built into Barracuda’s network protection components ensure nothing falls through the cracks.
- Modern XDR systems that include SOC oversight, like Barracuda Managed XDR, can detect suspicious activity — such as mass downloads or unauthorized data transfers — before, during and after the notice period.
- Protect sensitive data by regularly scanning your network to identify and remediate any instance of files containing it being stored insecurely, using a tool such as Barracuda Data Inspector.
- Conduct routine access audits to spot dormant accounts or excessive privileges. The principle of least privilege ensures employees have only the access they need.
- Conduct regular security awareness training to ensure staff understand cybersecurity risks, emphasizing policies around data handling, reporting suspicious activities and respecting offboarding procedures. Training products such as Barracuda Security Awareness Training make it easy (and even fun).
Prevention is key
Saying farewell to an employee should never mean saying goodbye to your data security. Think of insider threats the way detectives think about crime: It all comes down to means, motive and opportunity. If you can minimize all three of these, you’ll keep your risks of turnover-related incidents to a minimum too.