10 Tips for Maintaining Information Security During Layoffs

Business disruption and the financial toll brought on by the COVID-19 has forced many companies, large and small, to let go of staff. In fact, more than 40 million Americans have filed for unemployment in the past 10 weeks, with cuts hitting major companies including Boeing, IBM, and United Airlines.

While layoffs are never an easy scenario to deal with at any time, how well they are handled varies greatly, says Niamh Muldoon, senior director of trust and security EMEA with OneLogin.

"Early in my career, I worked on a case where a layoff process went horribly wrong and resulted in huge financial loss for the company along with a huge investigation, e-discovery, and a legal case," Muldoon says. "So, I urge organizations to invest time into properly planning for this unfortunate situation."

That includes the potential repercussions if a laid-off employee decides to retaliate and walk away with private corporate intellectual property (IP) or other sensitive data. And that's not unusual: According to a recent report on 2,000 US and UK employees from email security firm Tessian, more than one-third admitted taking company documents with them when they left a job. The data also revealed US employees are almost twice as likely to download, save, or exfiltrate work-related documents before leaving or after being dismissed from a job.

How can security managers ensure data doesn't walk out the door with a departing employee? Here are 10 recommendations to keep the layoff process secure.