There has been a spike in layoffs over the last few months at numerous technology organizations, including Twitch, Unity, Dataminr, and more.
Emotions aside, these redundancies and layoffs pose several data security concerns for organizations having to navigate through this process.
If access entitlements and permissions are not dealt with accordingly and in accordance with employment status change, the risk of sensitive data theft or misuse runs high.
There is an undeniable lack of oversight and control over who has access to sensitive data within the IT estate during the layoff process.
Bad actors are increasingly targeting SaaS applications because they store precious data.
Businesses frequently use multiple cloud-based applications such as Google Drive or Slack to collaborate, store data, and share files with colleagues or clients.
Although these applications are beneficial in some ways, the collaborative nature can pose serious security risks to organizations because sensitive data is frequently stored within these applications.
Once this file is shared publicly, there's no telling who else might gain access to the data within.
Private data such as PII, passwords, and financial information are often shared between coworkers on these platforms.
This leaves sensitive data exposed for internal and external parties to take advantage of.
Bad actors or competitors might offer former employees money to share private, company-owned data.
If business leaders conduct layoffs abruptly without offering a reason or severance, laid off employees might also be frustrated and have incentive to leak data for their own personal gain.
Especially during this season of mass layoffs, businesses must take a proactive approach to protect confidential or proprietary information and avoid leakage of sensitive company data.
As more organizations adopt cloud-first SaaS operations, IT leaders will need to reevaluate their security posture and implement strict access permissions.
Security teams should frequently monitor for suspicious activity and file sharing, and ensure that only necessary personnel have access to sensitive data.
Most threats can be prevented with modern SaaS security tools for specific use cases, such as Data Loss Prevention, Cloud Access Security Broker, and Insider Risk Management solutions.
Training employees on best practices for data security will go a long way.
IT security teams should emphasize company policies during layoffs and remind employees that data security is a shared responsibility.
The cybersecurity threat of data leakage will likely continue to rise in line with layoffs.
Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Security & Privacy products serving Fortune 500 customers.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sat, 11 May 2024 13:13:08 +0000