Millions of workers are leaving their jobs after enduring stay-at-home lockdowns and reflecting on what they need to be truly happy and healthy. While the ‘Great Resignation’ could have a positive impact on society, it also represents a security risk for businesses of all sizes.
Because if your company doesn’t keep tabs on its rapidly changing workforce, it could accidentally grant someone the wrong access and, in the worst-case scenario, give cybercriminals access to critical data.
To safely navigate the Great Resignation, you need to focus on two key areas: provisioning and device management.
Why provisioning matters
“Provisioning” can refer to many aspects of IT infrastructure, but here we’re talking about access to important files, accounts, and services. In 2021, almost every employee needed a combination of software and digital resources to do their job. Depending on your industry, that might have included apps, browser-based services, or files stored on a company-managed server.
To keep your business secure, it’s important you monitor and control what everyone has access to. That includes current employees, but also the people who have recently decided to leave your company as part of the Great Resignation.
In our first State of Access study, a quarter of respondents said they had tried to access a former work account after leaving a job – and over 80% of that group said they were successful.
If you’re unsure what people are using and don’t have a way to revoke their access, there’s a higher chance they’ll leak sensitive information or make a mistake that lets a thief slip past your digital defenses. This scenario could happen during or after their time at your company, if they never lose access to your team’s accounts and data.
So what’s the solution? Well, if you don’t have a formal system for granting, revoking, and monitoring access, it’s time to change that. Your own memory might be sufficient when you have just a handful of employees, but it won’t be able to keep up with the volume of people who are likely to join and leave your company during the Great Resignation. Relying on access management tools, like a business password manager, is the best way to limit this risk.
The role of a password manager
An enterprise-ready password manager like 1Password gives you a secure and convenient way of granting people access to whatever accounts they need. With 1Password Teams and 1Password Business, you can place credentials into labeled vaults (these act a bit like shared folders) and then organize employees into custom groups with varying levels of access.
For example, you might have an employee group called Marketing that can access three vaults called Blog, Social Media, and Analytics. When a new product marketer joins your company, you can add them to the Marketing group and quickly give them access to the credentials they need to do their job. Just as importantly, you can be confident they don’t have access to the Finance vaults, which would let them view sensitive financial documents.
Password managers like 1Password are also useful when someone decides to leave your company – something that could happen more often during the Great Resignation. You can quickly and remotely shut down their 1Password account, and also update the passwords they used to have access to. That way, even if the ex-employee memorized their passwords or wrote them down, they won’t be able to access anything.
The best part? The rest of your team can access the new passwords right away. That means you don’t have to send out a company-wide email and pray everyone reads it before attempting to log into the associated accounts. Anyone who had access to the old credentials can see, share and autofill the updated versions.
When to use identity and access management (IAM) software
A password manager is a great starting point for smaller teams. But if you’re a multinational business with hundreds of employees, you should also consider an identity and access management solution (IAM) like Okta or JumpCloud. These give IT admins another way to control the apps and services that current and former employees are able to access.
How does it work? Team members typically use single sign-on (SSO) which, as the name implies, allows them to sign in to multiple services using the same set of credentials. IT admins, meanwhile, usually have a dashboard which gives them an overview of their team and control the services that each person can and can’t sign in to using SSO.
Like a password manager, IAM is valuable because it gives you clarity over what everyone has access to and, just as importantly, what’s outside their reach. It also creates a clear workflow that should be followed whenever someone joins or leaves your company. Onboarding a new hire? Consider their role and give them an appropriate level of access via SSO. Then, on their last day, return to your IAM service’s dashboard and revoke their privileges.
Many companies also use SSO and a password manager together. Because when you have 1Password, the logins that people make outside their SSO – and the login for the SSO, for that matter – are much stronger.
Taking care of hardware
But software is only one half of the equation. If you want to keep your business secure during the Great Resignation, you also need to think about hardware. First, let’s talk about company-issued devices. Does your business provide team members with a computer, phone, or tablet? If so, you need to keep track of them. They might contain confidential files, or be signed in to apps and web-based services that criminals would love to gain access to.
When someone decides to leave your company, ensure they wipe their devices and give them back to the company. Otherwise, the soon-to-be-former employee might continue to use their company devices in a personal capacity. They could then make a mistake, like falling for a phishing email or downloading malware, that allows a criminal to access your company’s data.
Larger businesses will also want to consider mobile device management (MDM) software like Hexnode or Miradore. These allow IT admins to create policies that dictate what software can be installed and when components like the camera can be turned on. Many MDM solutions will also let administrators remotely lock and wipe devices if they’re ever stolen or lost. These could also prove useful if a former employee forgets or ignores your request to give their company devices back.
You can’t expect people to install MDM software on personal machines.
You’ll need to take a different approach with employee-owned hardware. Bring Your Own Device (BYOD) policies have grown in popularity as a way for companies to cut costs, support remote work, and empower staff to be productive with the hardware they’re most familiar with. But you can’t expect to install MDM software on personal machines. Similarly, it’s unlikely that team members will want to wipe their personal computers when they leave your company.
For these devices, you’ll need to rely on access management – that’s everything we covered before under password managers and IAM. You can revoke access by sunsetting their SSO profile and the account they used to sign in to your company password manager.
Provisioning and device management will go a long way to keeping your business secure during the Great Resignation. But it’s impossible to have perfect security, and if employees don’t share your enthusiasm, they’ll likely find workarounds that could leave your business vulnerable. That’s why you also need to build a culture of security. One that gives your team members the knowledge and desire to make smart, secure decisions both during and after their time at your company.
Not sure where to begin? Check out our guide to creating a culture of security.
Here’s the short version: First, get buy-in from your leadership team, because they’ll be critical to making significant and long-lasting changes. Then focus on employee education and training. Explain why your company’s policies are important and provide tools that empower your staff to practice good security habits, like a password manager. Finally, listen to your employees. Reward them for speaking up and make sure they feel comfortable approaching your IT department.
If you take these steps, there’s a good chance that your team will adopt and embrace a culture of security. Staff will build habits that endure long after they’ve handed in their notice. And, just as importantly, encourage other people to do the same. That new culture, combined with robust provisioning and device management, will put your company in the best position possible to stay secure during the Great Resignation.