A recent study suggests companies are vulnerable to cyberattacks after layoffs. Here’s how they can avoid costly data breaches.
- A new study suggests that layoffs can lead to cyberattacks from disgruntled employees.
- IT expert and professor Thi Tran describes how businesses can protect themselves from breaches.
- This story is part of “Security Playbook,” a series detailing cybersecurity tips and strategies.
- A new study suggests that layoffs can lead to cyberattacks from disgruntled employees.
- IT expert and professor Thi Tran describes how businesses can protect themselves from breaches.
- This story is part of “Security Playbook,” a series detailing cybersecurity tips and strategies.
- A new study suggests that layoffs can lead to cyberattacks from disgruntled employees.
- IT expert and professor Thi Tran describes how businesses can protect themselves from breaches.
- This story is part of “Security Playbook,” a series detailing cybersecurity tips and strategies.
Layoffs can leave employees feeling angry, stressed and worried about their finances. A new study suggests they can also fuel a desire for revenge, which could put companies at risk of a cyberattack.
The study, titled “The Impacts of Layoff Announcements on Cybersecurity Breaches,” explores the behaviors of people affected by job cuts, including whether they seek to “punish” what they perceive as a “bad company” by hacking, said Thi Tran, an assistant professor of management information systems at Binghamton University who led the study.
Tran, who presented the study at the Asia-Pacific Conference on Information Systems in Vietnam in July, said the research was inspired by news of companies across industries cutting jobs.
“I know how terrible it is, how layoffs can cause anger and potentially ruin people’s lives,” he said. “I also know how dangerous it is when people get upset, they can do a lot of bad things.”
Tran discussed what businesses should know about the link between layoffs and cybersecurity breaches and how organizations can minimize their risks.
This interview has been edited for length and clarity.
Why do layoffs expose companies to cyberattacks?
You might think that hackers are more autonomous when they have technical skills, but in most cases, it’s because they’re motivated and driven that they get fired. Being fired can trigger this revenge and they’re more likely to launch an attack.
Our research suggests that the consequence of a layoff announcement is the likelihood of being attacked and that the severity will be higher as hackers attempt to cause harm.
Insider threats, such as former employees, are the biggest threat because they know all the systems, layers of protection, and policies. So they can do a lot of things that are detrimental to the company when they are motivated by layoffs. Imagine that the fired employee works for the IT department or the security department: they know every nook and cranny and how to bypass every layer of protection.
How can companies protect themselves when announcing layoffs?
You should terminate terminated employees’ access to systems shortly after notifying them; announcing layoffs too far in advance and terminating access later can open the door to cybersecurity risks.
However, companies should send a message to employees to minimize the impact of the layoff and explain why access has been removed. For example: “This is an unfortunate situation. We know this is very difficult for you, but this is what we need to do for the whole company.” Remind employees of their connection to the company and the importance of data protection.
Prepare for the worst. Think about the potential losses and costs of a breach and how you can strengthen security layers, such as with antivirus software, intrusion detection systems, firewalls, and warnings of suspicious behavior.
You will then know in advance that there is a problem with the system, and the earlier you know, the more you can minimize the damage. But you cannot eliminate 100% of possible risks.
What role does corporate social responsibility play?
Layoff announcements can be bad publicity. They can send the message that your company is doing something harmful to the public or is experiencing financial problems or poor leadership. This could lead someone to want to hijack your company.
To help minimize attacks, enhance and highlight your corporate social responsibility, which is the company’s reputation and image, and demonstrate the company’s commitment to social and environmental responsibilities.
Taking a proactive stance and focusing on ethical conduct and data security during layoffs could reduce the risk of data breaches in these situations. This will build trust with stakeholders.
What aspect of layoffs and data breaches do you plan to study next?
We are looking to collect publicly available documents that show when a layoff was announced and when a violation occurred. We will try to see if there is an association.
I want to ask people about their ability and technical skills to formulate an attack on a company and how corporate social responsibility influences that decision. We want to collect conversations online and on social media to identify positive and negative emotions toward a company after announcing layoffs.
There are a number of things we want to explore that we hope can help guide policy on how companies can prepare for the worst-case scenario and minimise the risk of a data breach after layoffs are announced.
businessinsider