The Great Resignation looks set to arrive in Australia soon and, if we’re not careful, it may also bring with it The Great Resentment. Over the past 12 months in North America, unprecedented numbers of employees (20 million according to the US Bureau of Labor Statistics) have made the decision to resign, with the mandated call to return to the office being the biggest reason. The Australian Bureau of Statistics figures that more than 600,000 Australians expect to be with a new employer in 2022, or some 5 per cent of the total workforce. But could the “Great Resignation” spark a cyber security crisis?
Employees resign from their positions for various reasons and in many different circumstances. Some will be disgruntled/disengaged, while others will be looking to make themselves as attractive to rival companies and competitors as possible. Some will have no ill-will to their previous employers whatsoever. But all these employees present different types of security risks.
The first and most significant risk is data theft. Employees may steal internal data, sensitive commercial information, or valuable Intellectual Property (IP) to take to a competitor. Whether deliberate or accidental, these vulnerabilities can significantly impact businesses.
With the Australian unemployment rate at 4.2%, some people (particularly those with specialty skills) can walk out the door with confidence because of labour shortages, particularly in the information technology sector. Some employees may seek to present themselves to new employers as having access to sensitive competitor information they can take with them from their old job, without realizing this might constitute data theft. Alternatively, at the other end of the scale, an employee with a serious grudge might seek to leak or sell sensitive information, or even give ransomware hackers access to their ex-employer’s digital environment in exchange for a share of the ransom payment (as happened in the US in 2021).
The second major risk is accidental exposure. As employees work out their notice period, there is a risk that they’ll become less vigilant when it comes to security due diligence. Unknowingly exposing a business to security risks via remote work is a concern, as is the increased use of personal phones, laptops and networks. This kind of carelessness is compounded by ‘working from home’ (WFH) practices. CISOs and cyber security teams have been left to deal with the complexities of the workplace balancing act. A decentralised workforce potentially allows employees to access sensitive internal data more easily from home, where the security posture is less sophisticated.
So what can businesses do to protect themselves during “The Great Resignation”? For starters, they need a comprehensive off-boarding plan that’s activated as soon as an employee hands in their notice. They also need an effective process between cyber security teams and HR to begin gradually withdrawing certain employee access, particularly to sensitive data, over the remaining few weeks.
In the broader context of WFH and increased resignations, organisations need to understand their shifting vulnerabilities. With the anticipated increase in workforce movement, cyber security teams need to find and stop cyber-attacks and insider threats faster than ever, limiting the possibility for an ex-employee to become a security risk. The "new normal" of remote work isn't going away any time soon, so businesses must maintain high standards and prioritize data protection practices as employees work from home or in hybrid arrangements for the foreseeable future.
The Decipher Bureau effect - If you need support finding the right cyber talent or workplace in the year ahead, contact our team of specialist cybersecurity recruiters at the Decipher Bureau here or via LinkedIn.