Worried about Insider Risk? Pay More Attention to Offboarding

Discussions of insider risk inevitably conjure images of disgruntled IT employees stealing sensitive data from the comfort of an air-conditioned office. However, insider risk is significantly more complex, and any business that fails to account for this complexity is courting potential disaster.

For one thing, insider risk is no longer confined to the cubicle: frontline workers are just as likely to come into contact with — and potentially mishandle — proprietary information. Then there’s the fact that many of these insider incidents are not malicious but result from human error. In a frontline context, if someone mistakenly allows an offboarding employee continued access to internal communication channels and company information, the door is left open for that employee and hackers looking for a backdoor into a company’s systems.

However they occur, the impact of these insider incidents cannot be overstated. Per a recent report, the average cost of an insider risk event has skyrocketed to $16.2 million in recent years. Working proactively to prevent these events needs to be a central part of any comprehensive security plan.

Businesses know this — many are already taking serious measures to prevent insider incidents. But surprisingly, in all of these discussions, one crucial component of the frontline worker lifecycle has continued to go largely under-discussed: the importance of offboarding.

Why offboarding matters

For many businesses, offboarding is an afterthought — a matter of sorting out paperwork and adjusting the payroll. In fact, optimized offboarding experiences can be just as central to your business’ overall health as optimized onboarding experiences — and are perhaps even more critical when it comes to insider risk reduction.

Again, a substantial proportion of insider risk events have little to do with active malice on the part of employees (current or former) and more to do with inadequate security protocols. Phishing attacks, for instance, are continually on the rise, and without adequate training, any employee — current or former — is potentially susceptible. For example, a hacker can easily pose as someone from your company and ask for sensitive information like old passwords.

How can employers prevent this from happening? First and foremost, organizations need to consider the employee’s entire lifecycle and take time to thoroughly remove a departing employee’s access to private company data and communications channels. This process is significantly easier for companies that have already taken steps to digitize their frontline workforce. After that, they need to engage in comprehensive post-departure security training. That means ensuring your departing employee knows they will not be contacting them for personal information down the line and that they should forward any such fraud attempts to HR. The benefits of this approach are manifold. Beyond keeping your company’s sensitive information safe and secure, hands-on offboarding ensures your employee leaves with a positive impression of the company. This can go a long way towards preventing threat events that are intentional.

Optimizing the offboarding process

Right now, HR personnel are more stressed than ever — and the offboarding process only compounds that stress. A departing employee, after all, needs to be replaced — and finding the right employee for an open position is perhaps the most challenging part of the job. Juggling the demands of the hiring process with the million micro-tasks of the offboarding process is a recipe for disaster, with HR personnel (understandably) struggling to stay on top of the requisite tasks.

Crucial paperwork often goes unfiled, access controls stay unchanged, and departure protocols are neglected. This is not a reflection on HR personnel, who are doing their best in a tough workplace. However, this situation isn’t sustainable and ignoring it has serious implications for insider risk.

Fixing this situation means mending the broken lines of communication between HR personnel and frontline workers — what I call the Frontline Disconnect. And this simply cannot happen until frontline workers have access to frontline-catered versions of the digital HR tools that have so radically overhauled desk-based work in the last decade.

In my time observing countless frontline workplaces, I’ve been shocked to discover that offboarding procedures have gone unchanged for decades. Where offboarding processes for desk workers have been almost entirely digitized, many frontline workplaces — construction sites, restaurants, warehouses — still live in a pen-and-paper world. Reducing insider risk means bringing frontline work into the 21st century — making life easier for both HR personnel and frontline workers.

Notably, recent technological developments give employers the chance to engage in a kind of pre-offboarding. By deploying mobile surveys and using AI-enhanced sentiment analysis, employers can now determine well in advance when a particular employee might be on the way out and intervene accordingly. If that employee ultimately chooses to leave anyway, they will nonetheless depart with a much more positive relationship to your business.

This speaks to the critical function of empathy in an insider risk context. Even under the best conditions, frontline work can be unbelievably stressful, and employers are incumbent on not letting that negative sentiment transfer over to the company itself. It’s a delicate balancing act but an essential one. Given the average cost of an insider incident, getting it right should be a priority.

About the Author

Cristian Grossmann, the author of The Rise of the Frontline Worker, is a tech entrepreneur whose company Beekeeper has raised $196.5M in funding and supplies its mobile productivity and collaboration platform to some of the world’s biggest and best-known organizations, including Heathrow Airport, Domino’s Pizza, and Hilton Hotels. Cristian, a former frontline worker himself, understands first-hand the technology that is required to make the frontline workforce more effective. Prior to founding Beekeeper, he worked for Accenture on high profile international projects in the field of IT Strategy for the financial and public sectors. Cristian studied Chemical Engineering and got his Ph.D. in Electrical Engineering, both at ETH Zurich. Before moving to beautiful Zurich, he was born and raised in an entrepreneurial Swiss-Mexican family in Mexico City. Cris can be reached via email at [email protected] and at our company website https://www.beekeeper.io/company/.