How High Employee Turnover Poses Increased Cybersecurity Risk

employee turnover

In 2019, US companies had an average turnover rate of 22%, and the retail and wholesale industry saw the highest average voluntary turnover rate, followed by contact center and customer service, manufacturing and operations, and sales.

However, employee turnover is not just an HR issue, companies can also face increased cybersecurity risk through substantial losses as a result of IP theft. The Commission on the Theft of American Intellectual Property estimates that annual costs from IP losses range from $225 billion to $600 billion. Current employees in a trusted relationship with the organization, and former employees, are the leading culprits. The biggest targets for information loss include financial data, research, developer materials, customer lists, and strategic plans and roadmaps. An organization needs to be proactive and develop a strategic onboarding process to develop a positive security culture. More importantly, a proactive off-boarding process is needed to make sure information doesn’t leave with an employee.

When an employee leaves a company, your immediate reaction is to disable their primary account, but are you sure you know everything that the employee had access to? With the global SaaS market reaching up to $436.9 billion in 2025(CAGR 12.5%), the need for better tools and workflows is even more crucial to IT departments. Simple things like social media and vendor or partner websites are the top applications that get missed the most when people leave an organization. Continued access to one of those applications could lead to problems down the road.

Build a positive company culture to prevent insider threat

Protecting IT data from rogue employees is the end game. Company culture is a huge deterrent of high employee turnover that leads to this data loss. Culture comes from the top and a supporting culture should begin on the first day of employment. The days of building a wall around your company are over. Employees inside those walls lead to the internal data breaches we see in the news. Companies that foster a positive culture can lower the risk of corporate data loss when someone leaves an organization. 

Unfortunately, in the times we live in today, people are constantly on the move. The average person changes jobs or roles every 2 - 4 years. IT leaders need to be creative with the tools and processes that are put in place to protect the company financially and legally.

In a whitepaper sponsored by Sonian and written by Osterman Research, they provide a checklist of best practices for protecting your data when an employee leaves a company.

Best practices for protecting data when employees leave

  • Disable accounts to which the employee has access
  • Disable access to the company network
  • Disable access to the Active Directory user account or equivalent
  • Change passwords for all applications, cloud-based storage, etc
  • Take the employee’s security pass
  • Remove employee from all distribution lists
  • Redirect employee communication (e.g., email) to an appropriate individual
  • Delete the employee’s voicemail account and/or change the voicemail password

Mitigating internal risk with Single Sign-On

One of the best ways to protect your data as cloud adoption grows is to centralize cloud applications using Single Sign-On (SSO). SSO helps to simplify the onboarding process and offboarding departures and supports regular auditing of user access and permissions. SSO combined with strong password policies for individual applications will reduce the likelihood of employees gaining rogue access to applications upon their departure.

Technology leaders should be proactive on an everyday basis and not just reactive when an employee exits a position. Whether an employee leaves on their own terms or is terminated, management and IT staff should always be on high alert. Make it a habit to constantly evaluate best practice policies and procedures to ensure your companies data and assets are secure and reduce the loss of valuable data.

If you're interested to learn more about how SAML for SSO can help your organization, check out our SAML for SSO ebook

SAML for Single Sign-On Ebook

Tags: data security, Single Sign-On, secure passwords, Single Sign Off, security risk, IT Management, employee turnover, internal data breach, insider threat, insider risk, internal threat, password policy, offboarding employees

Eric Jeffers

Author: Eric Jeffers