🔒 Small-biz security 101: The principle of least privilege could save you big headaches down the road. The idea is you only give employees access to the data and systems they absolutely need to do their jobs. The fewer people with admin rights, the better.
Small-biz tip: Don't overlook this digital danger
Photo © Megaflopp | Dreamstime.com
Are you the type of business owner who forgets about ex-employees as soon as they’re gone? Failing to remove former employees’ access to your systems and data could lead to security breaches. Don’t let poor offboarding practices be the weak link in your cybersecurity chain.
How improper offboarding can hurt your business
Whenever an employee leaves the organization, you must remove their access to company systems and data. That’s especially true if you’ve laid off an employee. They may feel a sense of anger or resentment towards the company, which makes them more likely to be malicious.
It’s more common than you might think. A recent study from Beyond Identity examined how ineffective offboarding impacts a business’ cybersecurity. They found that one in three employers has been hacked due to ineffective offboarding.
Oh, and most former employees say they can still access company files. Researchers say 91% of employees can still see private files after offboarding earlier last year. Do you want former employees to know what you’re doing a year later? Probably not!
Plus, the study found only 21% of employers deactivated an employee’s account immediately after they let the worker go. It took 29% a whole week to cut the strings.
Overall, businesses estimated they lost $7,687 to ineffective offboarding. In other words, it’s a mistake you can’t afford to make. Want to build better business practices? Here are the three lessons Kim has for fellow business owners.
Offboarding dangers for small-business owners
⚠️ If you don’t completely cut off former employees, you’re taking on a ton of risks, like:
- Insider threats: Former employees who can still access company systems and data can steal confidential information or sabotage your systems.
- Social engineering: I talk a lot about how dangerous phishing scams are. They can level a company’s computer systems. Former employees are especially dangerous because they know social details about the workplace, which can help them access sensitive information or networks.
- Revenge: In some cases, fired employees may attempt to cause harm to their former employer out of revenge, such as launching a denial-of-service attack or spreading false information about the company.
Beyond Identity’s survey found that 86% of employees have considered taking negative actions against a former employer. People who actually went through with retaliation had diverse reasons: 37% said they didn’t get a raise, while 29% cited a bad relationship.
How to download your entire Facebook
What if you suddenly lost access to your Facebook — years of photos, posts, and memories gone? I’ll tell you how to back up your account so you don’t lose it all if something goes wrong.
💸 Scammers are posing as Fidelity, Morgan Stanley and other financial giants: Remember, they’ll never call or text asking for your password, one-time code, money transfers or remote access to your computer. If something feels off, stop and contact them directly. Stay sharp!
🎤 iPhone & Android Tip: Turn off voice access to keep someone from using voice commands without unlocking your phone.
Need a new book? If you have Amazon Prime, grab two free e-books from their monthly First Reads selections. It’s early access to popular new books. Sweet!
We may earn a commission from purchases, but our recommendations are always objective.
📱“Can I use your iPhone?” Sure, but let’s keep it to a single app, no snooping around. Go to Settings > Accessibility > Guided Access to toggle it on. Open the app, triple-tap your right-side button and press Start. When they’re done, triple-click the side button again to enter your passcode or Face ID to unlock it.
🚫 Kick moochers off your Netflix: Changing the password is one thing, but you can also log everyone out so they’ll have to sign in again. Just click your Profile icon (top right) > Account > Manage access and devices > Sign Out of All Devices. Want to be more selective? You can also remove specific devices!
Lifetime subscriptions: It’s the newest marketing ploy. Pay once and get access forever, right? But “forever” means “as long as the company stays in business” (paywall link). If it shuts down or abandons the app, you’re out of luck. Ask yourself, “Will I use this five years from now?” Probably not.
Spies want in on your router
Is yours at risk? Hackers’ new side hustle is charging Chinese and Russian spies and scammers for access to old home routers so they can launch denial-of-service (DoS) attacks. Plus, Google blocks romance writer, worst airlines for luggage, and Microsoft gets hacked.