Fears of recession, tightening financial markets, and market downturns have led to layoffs in technology and cryptocurrency companies and have even impacted the cybersecurity space. These companies have valuable intellectual property and customer data that they must continue to protect during this tumultuous time. At crypto companies, they may also have access to customer wallets and keys (whether sole control or multisig), which may endanger customer accounts.
Companies have to pay attention to insider risk as they announce layoffs. Fear of layoff is a powerful motivation for insider threat. Disgruntlement is also a motivator for insiders to act maliciously.
Coinbase recently announced that it was reducing its workforce by 18% in a blog post. The blog post indicates that affected employees “will receive this notification in [their] personal email, because we made the decision to cut access to Coinbase systems for affected employees.”
Imagine being an employee and seeing a message like this — whether you are affected or not. How might employees react as they are either scared for their own jobs or have to watch their friends and colleagues get unceremoniously let go?
What are employees doing in the hour when they are awaiting that email? Gathering data? Screenshotting communications? Downloading code? Might they be motivated to do exactly what the rash action of cutting off their access was designed to stop?
In a hybrid work world, it is difficult to manage layoffs like this since employees may not be in a place where face-to-face meetings are possible. It may also be difficult to collect company assets like laptops from employees who are being laid off.
Treating employees with empathy, demonstrating compassion, and communicating openly will help employees understand the need for cuts. It will also help the morale of the employees who remain on the payroll. Obviously, doing this won’t completely eliminate the risk of insider threat, but it can reduce the likelihood of employees taking malicious action.
As you plan for minimizing insider risk as your company considers or enacts layoffs, take the following steps:
- Communicate; don’t blind-side! And that’s not just to those laid off but to all employees. Leaving employees in the dark on details leads them to think the worst, create their own (often false) narrative, and act accordingly.
- Think about the trade secrets, intellectual property, and strength of relationships with clients and partners. The employee experience of dismissal, fairness of severance, and quality of post-employment resources/benefits can ensure that information stays confidential and your company’s reputation isn’t dragged through the mud.
- Provide as many resources as possible to support employees who are impacted by the cuts. While layoffs during times of financial hardship may make this more difficult, consider offering outplacement or other tools to help affected employees transition to their next opportunity.
- Give your insider threat team (or security team, if there is no dedicated insider threat team) a list of affected employees ahead of notice.
- Don’t suddenly announce a layoff and cut access. Instead, use technical controls to increase monitoring on affected employees ahead of the layoff announcement to detect behaviors that may indicate that they plan to steal data or sabotage assets. Examples of controls to enable this type of monitoring can include security tools with data loss prevention capabilities, endpoint visibility, risk insights from user behavior analytics, and purpose-built technologies for monitoring insider risk.
- Announce the layoffs and actions that you are taking to help employees face to face or via videoconferencing. Shut off physical and logical access as you inform the employee.
- Treat laid-off employees like third parties. Monitor for unusual activity leading up to dismissal and after termination and ensure that company data and assets are returned and that the employees are deprovisioned.
- Support nonaffected employees by letting them know that you value them and their contributions. Help them understand why the difficult decision to lay off employees was made.
Most of all, treat affected employees like you’d want to be treated. Nobody likes being laid off, but the empathy you display and the care you take to help them to the next stop on their career journey will reduce insider risk, maintain trust with the remaining employees, and aid morale.