Why layoffs increase cybersecurity risks

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had.

Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to General Assembly.

Taking away access to company data the moment someone leaves might seem harsh, but it’s an important step to protect against security risks.

Not everyone leaves on good terms. For example, a 39-year-old man accessed his former company’s computer testing systems and deleted 180 virtual servers.

Key risks during layoffs

Insider threats: An offboarding employee, whether intentionally or unintentionally, can take sensitive data with them. If accounts are not properly deactivated or access is not revoked, they might log in, steal data, or cause damage. IBM found that 83% of organizations reported insider attacks in 2024.

The types of data that can be extracted:

• Client/customer data
• Company confidential
• Employee HR data
• Financial data
• Sensitive project files
• Source code
• Unreleased or sensitive marketing

Lack of monitoring during workforce transitions: During large-scale layoffs, teams often cannot cover all aspects of offboarding alongside their regular duties. Employees use devices like laptops, phones, and USB drives, as well as platforms such as email and collaboration tools like Slack or Teams. Managing all of this, especially in a hybrid work environment, can be challenging. As a result, important steps can be missed, and unusual activity might not get noticed.

Threat actors are watching: Layoff news gets around fast, and cybercriminals pay attention. They use it to launch phishing and social engineering attacks, taking advantage of how off guard people can be during times like these.

The question we need to ask ourselves is: what can we do to minimize all these risks?

Mitigation strategies for safer offboarding

Revoke access to user accounts, systems, applications, and networks.

Collect all devices such as laptops, phones, and tablets, and erase all data from them.

Check for any shared passwords or special access. Remove them. Update who has access to what.

Hand off files, projects, or documents to appropriate team members.

Store anything needed for legal or audit reasons in a safe place.

Conduct an exit interview with the person before they leave. Get feedback and check for any loose ends. Remind them to keep company info private, even after they leave.

The role of leadership and HR

It’s very important for IT, HR, and legal teams to work closely together to ensure the process goes smoothly. Each has its own expertise, and together they can better identify risks and keep everything on track.

The way an employee leaves is very important. Be transparent with both the people leaving the company and those who stay. This helps everyone understand the reasons behind the departure and the steps the company is taking next. It can also stop rumors and unverified information that could lead to further distrust and the risk of people making security mistakes out of fear.

Establishing policies that balance security with empathy sets the right tone. Rules should be strong enough to keep data safe but not so strict that they feel unfair. People are more likely to follow them when they feel they’re being treated fairly.