How to manage Slack and email for laid-off and furloughed workers

Mass layoffs carry a cybersecurity risk, experts warn.


As more people are laid off and furloughed due to the economic impacts of the coronavirus pandemic, businesses are left with the difficult task of removing employees from company systems securely and protecting data and IP.

Cybersecurity professionals have long recognized that data breaches can come from disgruntled or fired employees. These insider threat incidents might be more destructive and costly now than they have been in the past, such as during the mass layoffs of the 2008 financial crisis, because many employees have access to huge amounts of data through tools including Slack, Box and OneDrive that can be transferred with ease to a personal email or thumb drive, said Joe Payne, chief executive of cybersecurity firm Code42.

"The collaboration tools that are helping us survive this crisis … make it easy for employees to take critical company data — customer lists, product plans, source code — when they leave the organization. They are especially likely to do this when laid off," Payne said in an email.

It's likely necessary to lock down access to email and other data quickly in cases of both layoffs and furloughs. But Shawn Henry, chief security officer at CrowdStrike, said communicating this empathetically can go a long way toward quelling employee resentment, particularly in situations where it's possible the employee will be rehired in the future. For example, a manager might say, "We're looking to minimize the risk to our company, and in doing that we're minimizing who has access to that data."

In his advice on managing layoffs, Andreessen Horowitz's David Ulevitch recommended that companies revoke access to resources like email on the day an employee is notified of termination. He also wrote that it might be appropriate to let employees use their laptops after their last day, especially in current situations when people are working remotely and the device can't be retrieved immediately. Still, he cautioned companies to evaluate the security and intellectual property implications before letting employees keep devices indefinitely.

Staying ahead of insider threats

Cybersecurity experts said there are a number of tools and procedures that organizations should have in place to detect and prevent insider threats from laid-off employees. The first step is identifying the company's "crown jewels," or the data and systems that are the most valuable and vulnerable, said Jon Ford, a director at the cybersecurity and incident response firm FireEye. Companies should limit who has access to these systems and data in the first place, and should cut off access quickly when employees leave the company, said Shuman Ghosemajumder, global head of AI at F5 Networks, a maker of application security technology.

Security teams can deploy technology that monitors employee behavior and actions to identify early signs of an insider threat, said McAfee Chief Technology Officer Steve Grobman. "If all of a sudden you see an employee who has never accessed the customer database download the whole thing, you need to look for those types of events," he said. Other tools can block attempts to exfiltrate that data by preventing screenshots, print jobs or transferring it to another device, depending on how sensitive the data is, Ford said.
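The kind of event Grobman describes, a user with no history on a data store suddenly reading most of it, can be expressed as a simple detection rule. The sketch below is an added example, not code from the article or from any vendor's product; the log format, user names, resource sizes and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: (timestamp, user, resource, rows_read).
# Users, resources and volumes are made up for illustration.
EVENTS = [
    ("2020-03-02T09:14", "alice", "customer_db", 40),
    ("2020-03-30T11:30", "alice", "customer_db", 60),
    ("2020-03-20T10:00", "dave", "customer_db", 100),
    ("2020-03-17T16:45", "bob", "wiki", 9),
    ("2020-04-01T09:40", "alice", "customer_db", 52),
    ("2020-04-01T13:10", "dave", "customer_db", 30000),  # large, but a regular user
    ("2020-04-01T22:05", "bob", "customer_db", 20000),   # first touch, chunk 1
    ("2020-04-01T22:40", "bob", "customer_db", 28000),   # same day, chunk 2
    ("2020-04-02T08:15", "carol", "customer_db", 30),    # first touch, small read
]
RESOURCE_ROWS = {"customer_db": 50000, "wiki": 2000}     # assumed resource sizes


def first_time_bulk_access(events, sizes, baseline_days=30, bulk_fraction=0.5):
    """Alert when a user with no access to a resource in the baseline window
    reads at least bulk_fraction of it within one day (chunks are summed)."""
    parsed = sorted((datetime.fromisoformat(ts), u, r, n) for ts, u, r, n in events)
    history = {}               # (user, resource) -> (latest day, day before that)
    daily = defaultdict(int)   # ((user, resource), day) -> rows read that day
    alerted, alerts = set(), []
    for ts, user, resource, rows in parsed:
        pair, day = (user, resource), ts.date()
        cur, prev = history.get(pair, (None, None))
        if cur != day:         # first event of a new day: shift the history
            cur, prev = day, cur
            history[pair] = (cur, prev)
        novel = prev is None or (day - prev).days > baseline_days
        daily[pair, day] += rows
        fraction = daily[pair, day] / sizes[resource]
        if novel and fraction >= bulk_fraction and (pair, day) not in alerted:
            alerted.add((pair, day))
            alerts.append({"user": user, "resource": resource,
                           "time": ts.isoformat(timespec="minutes"),
                           "fraction": round(fraction, 2)})
    return alerts


if __name__ == "__main__":
    for alert in first_time_bulk_access(EVENTS, RESOURCE_ROWS):
        print(alert)
```

On the sample data only the split download by the first-time user is flagged; the regular user's large read and the newcomer's small read are not.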

Security teams should also involve HR and business leaders in their insider threat detection plans to better understand who has rich access to company systems and data, and who is likely to take out their frustration on the organization if they're fired.

"Insider threats are going to become much more prevalent as we look ahead," Ford said. "Our practices have evolved around external hackers … but insider threats can have a much more detrimental impact, and remediation can be much more exorbitant for an internal attacker versus an external one."

Furloughs make things more complicated

Companies might want to consider allowing furloughed employees or other workers who they hope to rehire to retain temporary access to their corporate devices and some applications, said Sandra Sucher, a professor of management practice at Harvard Business School who has written extensively on layoffs and workforce changes.

"You need to ask what the application is being used for; if Slack is being used to communicate in detail about confidential work information, that's a different story, but if it's being used the way I see it being used in a lot of organizations, it's more of a social network," she said. "Allowing them to keep access will maintain a connection, and the company will be rewarded when they need to reconstitute their workforce." Companies in highly regulated industries, such as finance or health care, might be required to cut off access completely, she added.

Some good news for companies is that there are technologies they can deploy to help closely manage who can access what corporate data. Okta, an identity and access management firm, has tools that allow businesses to immediately deprovision an employee's access to sensitive applications following a layoff, but maintain access to other services, such as a general Slack channel. The tools can also retain all the data, so if an employee rejoins the company, they will still have access to documents or other information that was temporarily made inaccessible, said Okta co-founder and Chief Operating Officer Frederic Kerrest.

"There are a lot of humane reasons to do things like allowing people to keep access to specific Slack channels and video conferencing apps," he said. "You definitely want to ensure that [if they rejoin the organization] you get them with a high morale and get reintegrated as fast as possible."

The danger is very real

One challenge to managing technology access of employees who are being let go is that the results can be devastating. F5 Networks' Ghosemajumder said that while most laid-off workers will behave professionally and ethically, a small percentage will try to harm their former employers. These types of incidents can be particularly damaging and difficult to detect because the employee might have legitimate access to the data and systems that they are targeting and likely know the organization better than an external hacker would. The average cost of an insider threat incident was $8.7 million in 2018, according to a report by the Ponemon Institute. This can include the cost of an investigation, remediation, legal fees, reputational damage, and the value of lost or destroyed IP.

One example that shows how much damage an employee can do to a corporate computer network happened at the Canadian Pacific Railway and resulted in a felony. In 2018, the U.S. Department of Justice announced that Christopher Grupe, a former IT employee of the CPR, was sentenced to a year in prison for intentionally damaging the company's computer network. Upon being informed that he was going to be fired, Grupe "strategically deleted files, removed administrative-level accounts, and changed passwords on the remaining administrative-level accounts, thereby locking CPR out of" its core computer network that handled critical data, according to the announcement. "Grupe then attempted to conceal his activity by wiping the laptop's hard drive before returning it to CPR."


Cybersecurity experts say a more common scenario involves employees who take sensitive corporate data or valuable intellectual property when they leave an organization. Last month, for example, former Google engineer Anthony Levandowski admitted to downloading thousands of documents about the company's self-driving program in 2015 and transferring them to his personal laptop.

This type of behavior is surprisingly common, studies show. According to a 2019 report from Code42, 65% of security professionals admit to taking company information to their next job.

FireEye has also noticed a new trend where employees don't just take data on their way out the door and use it in their new job — they try to extort the company for money, Ford said. "Last year we saw several cases where an insider extorted a company with data they had stolen. In several cases, they stated they were an external actor, but forensic evidence pointed towards them, and law enforcement either arrested or interviewed them," he said.
