IT Admin Stories of Challenge and Success
VAULT HOME
 / 
Security

The IT security problem lurking beneath the job market boom (and bust)

Both onboarding and offboarding scenarios leave opportunities for dangerous IT security problems in tech companies.

Erin Geiger, Content Lead @Lumos
8 Min Read
Share
https://lumos.com/onboarding-and-offboarding-it-security-problem

This story is part of Security Essentials, the IT Vault’s practical advice for getting the most out of your security team.

This story is part of Foundations Essentials, a collection of must-reads for all IT professionals.

In the tech world, hiring a new employee doesn’t just mean signing paperwork and training them, it also means making sure they have appropriate access to the correct apps and sensitive information so they can efficiently complete their job.

Even more difficult than the trouble involved in onboarding, when an employee leaves a tech company, it’s not as simple as just taking back their apron or uniform and waving goodbye like you might do when selling a traditional service or physical product. When an employee leaves a tech company, that company must delete their accounts and retract all of their access to sensitive information and company materials.

Both onboarding and offboarding scenarios leave opportunities for dangerous IT security problems in tech companies. Keep reading to learn more about the offboarding and onboarding meaning, how onboarding and offboarding puts your company at risk, and best practices for mitigating these risks.

What is Onboarding?

On a basic level, the onboarding definition is simply introducing a new employee to the organization they will be working in. During HR onboarding, a company helps the new employee learn about the company and their specific position. The HR team will also help the new employee integrate into the culture and workflow of the company and feel comfortable in their new position. In some situations, onboarding may take a few days or weeks, but in other, more involved situations or positions, onboarding could take closer to a year. As the employer, companies want to be sure they are setting clear expectations of the role and company rules as well as developing a strong, trusting relationship with the employee.

After reading that nice, straight-forward version of the onboarding process definition, you might be wondering, “what is digital onboarding?” As mentioned in the beginning of this article, onboarding an employee to a tech company doesn’t just stop at HR, it also includes the logistics of assigning permissions to certain accounts and sensitive data that the employee will need in order to complete their job. This is the part of the onboarding process where the IT team comes into play.

As an IT employee for a tech company, the new employee onboarding process probably means seemingly endless help tickets requesting app accounts and various permissions, also known as IT onboarding. And, chances are, it also means seemingly endless emails asking the employee if they have seen those help tickets. Overall, the onboarding process is likely leading the IT employee to a place of overwhelm and burnout, which might be making room for errors and security threats to sneak in. A poorly-managed IT onboarding process could also lower the IT team’s productivity as the onboarding tasks take them away from the other important aspects of their jobs.

Here’s the thing; onboarding is super important! It’s even estimated that a great onboarding process can improve productivity by over 70% and improve new hire retention by more than 80%. That means that having a good onboarding process not only helps your employees get to work faster, it also helps them stay around longer, which means you won’t have to onboard for this position again in the near future. This is good news for both the new employees and the IT team involved in their onboarding.

Onboarding Best Practices

Now that you know the importance of successfully and seamlessly onboarding an employee to your team, here is a short list of a few employee onboarding best practices, specifically for IT or digital onboarding:

Prepare before the first day: when a new employee is offered a position and they accept, there is typically a period of time before they come into the office (or log in virtually) for their first day. During this time, IT teams should work to prepare all necessary equipment, software, and tools that the new employee might need. This will likely include communication with the new employee’s manager to identify the apps they need and the correct permissions needed within these apps.

Stick to a process: developing and refining your onboarding process allows you to make sure nothing is being overlooked. What does onboarding process mean? This is the intentional, repeatable steps a company walks through while onboarding an employee. If you change your process with every employee you hire, you might miss something or make a mistake. This typically leads to decreased productivity and possible security issues. Your process should have documented procedures, follow-up guidelines, specific checklists, and ideal timelines to follow.

Address hardware first: your new employee can’t access their brand new app accounts if they don’t have the correct hardware to use while doing so. If your company supplies laptops, headphones, phones, USB sticks, or any other hardware, the distribution of these materials should be at the top of your repeatable process.

Don’t over-provision: when multiple app and account requests are sent to the IT team every day, it can be difficult for them to efficiently set the correct permissions for everyone in every app. Because of this, over-provisioning, sometimes called over-permissioning, can be tempting. Over-provisioning means giving an employee the highest level of permissions within an app or set of data just to be sure they can access what they need. This gives people access to sensitive data that they really don’t need access to, leaving a hole for security threats to sneak through.

Get feedback: the IT team’s communication with new employees shouldn’t end when they have the accounts and permissions they need. As mentioned in the first bullet, the onboarding system should include follow-up guidelines that will allow new employees to give feedback that can improve the onboarding process moving forward.

Onboarding and IT

So, it’s obvious that onboarding is a big process for HR teams, but, why is onboarding important for IT teams? IT teams have a large role in the success and safety of an employee’s transition and the sensitive information they have access to. Without intentional management of this sensitive information, security risks and problems are difficult to identify, track, and solve.

What is onboarding process for IT teams? Here’s a checklist IT teams can use to help protect their company from inside and outside threats in the midst of turnover, layoffs, and onboarding at scale, especially as these big changes are happening digitally more than they ever have before:

• Help new employees familiarize themselves with the technology they are using in their position. This should include simple materials used by everyone in the office if they are working in person such as copy machines and harddrives.

• Provide clear training on your company’s cybersecurity and privacy practices to every new employee. This could include how to store files, share sensitive data, and identify scams and other security threats.

• Provide ongoing access to privacy and cybersecurity resources for every employee. This could be an IT employee leading a monthly lunch meeting on recent security risks or even bringing in expert consultants from outside security companies to speak on a specific topic relevant to the company.

• Introduce new employees to the IT team and familiarize them with the process to take when they need IT assistance or have security-related questions or concerns. Employees should feel comfortable reaching out to their IT team when they have technical or security problems.

• Have new employees sign a data privacy agreement. This could include information such as how their personal data will be collected, managed, and protected in the company as well as the company’s rules for how employees should manage the secure data they interact with during their job. Security and IT consulting companies can help develop these agreements.

What is Offboarding?

When an employee leaves a company or changes teams, it’s time for the offboarding process to kick in. The definition of offboarding is the formal separation of an employee from the company. This includes transferring their responsibilities to a new person, gathering laptops and other company-owned equipment, and deprovisioning access to app accounts and sensitive information. As noted above, tracking which employees have access to which apps can be hard enough on IT teams. Throw in the manual removal of this access every time an employee shifts positions or leaves the company, and your IT team is on the fast track to burnout.

Throughout an employee’s time at a company, they are likely creating accounts in many different apps, possibly even without company permission, and accessing a ton of sensitive data. This means that, without proper access management and offboarding protocol, it’s almost impossible for IT teams to close up all holes in security that arise when an employee leaves and these accounts remain open and unused.

Research shows that less than 35% of companies have partially automated offboarding processes and less than 10% have full automated offboarding processes. When a company does not have an automated offboarding process, chances for human errors and missed steps increase dramatically. Ultimately, an incomplete employee offboard process leaves security gaps and likely even costs the company money when unused app accounts continue to charge the company for use.

Offboarding Best Practices

Like onboarding, there are many employee offboarding best practices for IT teams. Here are a few:

• Track company-owned property: keep an updated list of physical, company-owned tech items that each employee has. This could include laptops, key cards, headphones, cell phones, or other tech products. An updated list of physical items held by each employee will help be sure every item is returned when the time comes.

• Stick to a process: just like each time you onboard an employee, you should have a repeatable process for offboarding. Keeping a well-documented offboarding plan available to anyone involved in the process will help make sure that every step is achieved every single time.

• Automate your process: as mentioned above, offboarding an employee manually leaves room for human error and other security gaps, even with the well-documented plan listed above. And not only is security at risk with manual onboarding, it will also take precious time and energy from the IT team members who already have a lot on their plate. Luckily, there are tools available to help you automate this process. For example, Lumos helps companies streamline offboarding and reduce risk by automatically removing user access to the company’s tech stack with one click.

Offboarding and IT

Just like onboarding, offboarding is a big process for HR teams, but, at the same time, IT team involvement is critical to successfully and safely separating an employee from a company.

Here’s a checklist for IT teams to use while offboarding so they can help protect their company from security threats as companies are experiencing high levels of turnover and layoffs:

Offboarding:

• Revoke access to SSO (single sign on) programs used by your company. This can be a great place to start when revoking access to apps and programs.

• Remove access to databases and servers. This is another wide-open access point for security threats when left open.

• Collect all company-owned equipment. Keeping a well-documented equipment list throughout the employee’s time at the company can help make this step easier.

• Close all employee SaaS accounts. Using an automated tool like Lumos makes this step of the process safer and easier to accomplish.

Keeping Your Company Safe with Onboarding and Offboarding

If your company is working to bring in high-quality candidates in this job market, it’s more important than ever to have a great onboarding process. As more and more of these employees work digitally and cyber threats increase, it’s also more important than ever to make sure your company’s IT onboarding process is well developed and well managed.

Hopefully, your onboarding process sets employees up for success in your company, but when it’s someone’s time to move to a new position in the company or switch companies for one reason or another, your company’s offboarding process is just as important for protecting against security threats. Whether your employees are coming or going, automated, well-documented onboarding and offboarding processes allow your IT team to rest easy knowing that the company’s sensitive information is secure.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
This is some text inside of a div block.

By using this form, you agree with Lumos' Privacy Policy