yesAdam JanofskyNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Power

How to manage Slack and email for laid-off and furloughed workers

Mass layoffs carry a cybersecurity risk, experts warn.

A disgruntled worker sitting at her computer in the dark

Cybersecurity professionals have long recognized that data breaches can come from disgruntled or fired employees.

Photo: FG Trade via Getty Images

As more people are laid-off and furloughed due to the economic impacts of the coronavirus pandemic, businesses are left with the difficult task of removing employees from company systems securely and protecting data and IP.

Cybersecurity professionals have long recognized that data breaches can come from disgruntled or fired employees. These insider threat incidents might be more destructive and costly now than they have been in the past, such as during the mass layoffs of the 2008 financial crisis, because many employees have access to huge amounts of data through tools including Slack, Box and OneDrive that can be transferred with ease to a personal email or thumb drive, said Joe Payne, chief executive of cybersecurity firm Code42.

"The collaboration tools that are helping us survive this crisis … make it easy for employees to take critical company data — customer lists, product plans, source code — when they leave the organization. They are especially likely to do this when laid off," Payne said in an email.

It's likely necessary to lock down access to email and other data quickly in both cases of layoffs and furloughs. But Shawn Henry, chief security officer at CrowdStrike. said communicating this empathetically can go a long way toward quelling employee resentment, particularly in situations where it's possible the employee will be rehired in the future. For example a manager might say, "We're looking to minimize the risk to our company, and in doing that we're minimizing who has access to that data."

In his advice on managing layoffs, Andreessen Horowitz's David Ulevitch recommended that companies revoke access to resources like email on the day an employee is notified of termination. He also wrote that it might be appropriate to let employees use their laptops after their last day, especially in current situations when people are working remotely, and you can't retrieve the device immediately. Still, he cautions to evaluate the security and intellectual property implications before letting employees keep devices indefinitely.

Staying ahead of insider threats

Cybersecurity experts said there are a number of tools and procedures that organizations should have in place to detect and prevent insider threats from laid-off employees. The first step is identifying the company's "crown jewels," or the data and systems that are the most valuable and vulnerable, said Jon Ford, a director at the cybersecurity and incident response firm FireEye. Companies should limit who has access to these systems and data in the first place, and should cut off access quickly when employees leave the company, said Shuman Ghosemajumder, global head of AI at F5 Networks, a maker of application security technology.

Security teams can deploy technology that monitors employee behavior and actions to identify early signs of an insider threat, said McAfee Chief Technology Officer Steve Grobman. "If all of a sudden you see an employee who has never accessed the customer database download the whole thing, you need to look for those types of events," he said. Other tools can block attempts to exfiltrate that data by preventing screenshots, print jobs or transferring it to another device, depending on how sensitive the data is, Ford said.

Security teams should also involve HR and business leaders in their insider threat detection plans to better understand who has rich access to company systems and data, and who is likely to take out their frustration on the organization if they're fired.

"Insider threats are going to become much more prevalent as we look ahead," Ford said. "Our practices have evolved around external hackers … but insider threats can have a much more detrimental impact, and remediation can be much more exorbitant for an internal attacker versus an external one."

Furloughs make things more complicated

Companies might want to consider allowing furloughed employees or other workers who they hope to rehire to retain temporary access to their corporate devices and some applications, said Sandra Sucher, a professor of management practice at Harvard Business School who has written extensively on layoffs and workforce changes.

"You need to ask what the application is being used for; if Slack is being used to communicate in detail about confidential work information, that's a different story, but if it's being used the way I see it being used in a lot of organizations, it's more of a social network," she said. "Allowing them to keep access will maintain a connection, and the company will be rewarded when they need to reconstitute their workforce." Companies in highly regulated industries, such as finance or health care, might be required to cut off access completely, she added.

Some good news for companies is that there are technologies they can deploy to help closely manage who can access what corporate data. Okta, an identity and access management firm, has tools that allow businesses to immediately deprovision an employee's access to sensitive applications following a layoff, but maintain access to other services, such as a general Slack channel. The tools can also retain all the data, so if an employee rejoins the company, they will still have access to documents or other information that was temporarily made inaccessible, said Okta co-founder and Chief Operating Officer Frederic Kerrest.

"There are a lot of humane reasons to do things like allowing people to keep access to specific Slack channels and video conferencing apps," he said. "You definitely want to ensure that [if they rejoin the organization] you get them with a high morale and get reintegrated as fast as possible."

The danger is very real

One challenge to managing technology access of employees who are being let go is that the results can be devastating. F5 Networks' Ghosemajumder said that while most laid-off workers will behave professionally and ethically, a small percentage will try to harm their former employers. These types of incidents can be particularly damaging and difficult to detect because the employee might have legitimate access to the data and systems that they are targeting and likely know the organization better than an external hacker would. The average cost of an insider threat incident was $8.7 million in 2018, according to a report by the Ponemon Institute. This can include the cost of an investigation, remediation, legal fees, reputational damage, and the value of lost or destroyed IP.

One example that shows how much damage an employee can do to a corporate computer network happened at the Canadian Pacific Railway and resulted in a felony. In 2018, the U.S. Department of Justice announced that Christopher Grupe, a former IT employee of the CPR, was sentenced to a year in prison for intentionally damaging the company's computer network. Upon being informed that he was going to be fired, Grupe "strategically deleted files, removed administrative-level accounts, and changed passwords on the remaining administrative-level accounts, thereby locking CPR out of" its core computer network that handled critical data, according to the announcement. "Grupe then attempted to conceal his activity by wiping the laptop's hard drive before returning it to CPR."


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


Cybersecurity experts say a more common scenario involves employees who take sensitive corporate data or valuable intellectual property when they leave an organization. Last month, for example, former Google engineer Anthony Levandowski admitted to downloading thousands of documents about the company's self-driving program in 2015 and transferring them to his personal laptop.

This type of behavior is surprisingly common, studies show. According to a 2019 report from Code42, 65% of security professionals admit to taking company information to their next job.

FireEye has also noticed a new trend where employees don't just take data on their way out the door and use it in their new job — they try to extort the company for money, Ford said. "Last year we saw several cases where an insider extorted a company with data they had stolen. In several cases, they stated they were an external actor, but forensic evidence pointed towards them, and law enforcement either arrested or interviewed them," he said.
People

Making the economy work for Black entrepreneurs

Funding for Black-owned startups needs to grow. That's just the start.

"There is no quick fix to close the racial wealth and opportunity gaps, but there are many ways companies can help," said Mastercard's Michael Froman.

Photo: DigitalVision/Getty Images

Michael Froman is the vice chairman and president of Strategic Growth for Mastercard.

When Tanya Van Court's daughter shared her 9th birthday wish list — a bike and an investment account — Tanya had a moment of inspiration. She wondered whether helping more kids get excited about saving for goals and learning simple financial principles could help them build a pathway to financial security. With a goal of reaching every kid in America, she founded Goalsetter, a savings and financial literacy app for kids. Last month, Tanya brought in backers including NBA stars Kevin Durant and Chris Paul, raising $3.9 million in seed funding.

Keep Reading Show less
Michael Froman
Michael Froman serves as vice chairman and president, Strategic Growth for Mastercard. He and his team drive inclusive growth efforts and partner across public and private sectors to address major societal and economic issues. From 2013 to 2017, Mike served as the U.S. trade representative, President Barack Obama’s principal adviser and negotiator on international trade and investment issues. He is a distinguished fellow of the Council on Foreign Relations and a member of the board of directors of The Walt Disney Company.
Sponsored Content

Building better relationships in the age of all-remote work

How Stripe, Xero and ModSquad work with external partners and customers in Slack channels to build stronger, lasting relationships.

Image: Original by Damian Zaleski

Every business leader knows you can learn the most about your customers and partners by meeting them face-to-face. But in the wake of Covid-19, the kinds of conversations that were taking place over coffee, meals and in company halls are now relegated to video conferences—which can be less effective for nurturing relationships—and email.

Email inboxes, with hard-to-search threads and siloed messages, not only slow down communication but are also an easy target for scammers. Earlier this year, Google reported more than 18 million daily malware and phishing emails related to Covid-19 scams in just one week and more than 240 million daily spam messages.

Keep Reading Show less
People

Citizen’s plan to keep people safe (and beat COVID-19) with an app

Citizen CEO Andrew Frame talks privacy, safety, coronavirus and the future of the neighborhood watch.

Citizen added COVID-19 tracking to its app over the summer — but its bigger plans got derailed.

Photo: Citizen

Citizen is an app built on the idea that transparency is a good thing. It's the place users — more than 7 million of them, in 28 cities with many more to come soon — can find out when there's a crime, a protest or an incident of any kind nearby. (Just yesterday, it alerted me, along with 17,900 residents of Washington, D.C., that it was about to get very windy. It did indeed get windy.) Users can stream or upload video of what's going on, locals can chat about the latest incidents and everyone's a little safer at the end of the day knowing what's happening in their city.

At least, that's how CEO Andrew Frame sees it. Critics of Citizen say the app is creating hordes of voyeurs, incentivizing people to run into dangerous situations just to grab a video, and encouraging racial profiling and other problematic behaviors all under the guise of whatever "safety" means. They say the app promotes paranoia, alerting users to things that they don't actually need to know about. (That the app was originally called "Vigilante" doesn't help its case.)

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Transforming 2021

Blockchain, QR codes and your phone: the race to build vaccine passports

Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.

One day, you might not need to carry that physical passport around, either.

Photo: CommonPass

There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.

Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.

Keep Reading Show less
Mike Murphy

Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.

People

Why the CEO of GoFundMe is calling out Congress on coronavirus

GoFundMe has seen millions of Americans asking for help to put food on the table and pay the bills. Tim Cadogan thinks Congress should help fix that.

"They need help with rent. They need help to get food. They need help with basic bills," GoFundMe CEO Tim Cadogan said. "That's what people need help with to get through this period."

Photo: John Lamparski/Getty Images

Tim Cadogan started his first day as CEO of GoFundMe about two weeks before the pandemic wrecked the world. He knew he was joining a company that tried to help people make extra money. He didn't know his company would become a lifeline for millions of Americans who couldn't pay their bills or put food on the table.

And so after a year in which millions of people have asked for help from strangers on GoFundMe, and at least $600 million has been raised (that number could be as much as $1 billion or more now, but GoFundMe didn't provide fundraising data past August) just for coronavirus-related financial crises, Cadogan has had enough. On Thursday, he wrote an open letter to Congress calling for a massive federal aid package aimed at addressing people's fundamental needs. In an unusual call for federal action from a tech CEO, Cadogan wrote that GoFundMe should not and can never replace generous Congressional aid for people who are truly struggling.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (@ anna_c_kramer), where she helps write and produce Source Code, Protocol's daily newsletter. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Latest Stories