Staff Turnover Risk
In a time of high staff turnover, do you need to be worried about security
Joiners and leavers are nothing new. With an average employee turnover of 15% year , most organisations recognise that there are risks associated with people entering and exiting and have put in place the people, processes and tools needed to mitigate these risks. However, in the past 12 months we’ve seen the job market at its most fluid for some time, with 2.9% of the US workforce leaving in July 2021 alone (Harvard Business Review). With this sharp rise, 44% of companies are stating that their ability to reach their goals is being put at risk.
So what risks are being introduced, and how can we best manage them?
1. Time to reassess your threats and vulnerabilities
A common source of security incidents is unintentional human error. With an increase in turnover and a large proportion of new joiners to your organisation, staff will be less familiar with your processes and tools, meaning that they could accidentally cause incidents – especially when working remotely.
Taking this opportunity to assess what could be compromised in this instance will show you where you may need to add additional emphasis or support during the onboarding process. Training is becoming a standard practice for new joiners, so establishing what needs to be included there as ‘high priority’ will help.
Unfortunately, accidents are not the only way in which an employee can cause harm. Disgruntled staff or leavers with access to your sensitive information/assets can present a large risk. Have you completed access reviews recently in order to ensure no one has rights they shouldn’t have? Can you be confident that you know all the systems and facilities an employee has access to? Do you ensure that your leavers’ access is revoked promptly?
Finally, the increase in joiners and leavers could be putting pressure on your support functions in internal systems, recruitment, line management and HR. Have you checked in with these teams to see if they are coping with these additions? Gaining insight into where they may be stretched could show you where you’re at risk and help you direct where you provide support. For example, if internal systems are being overloaded with leaver’s requests and are not getting to lock accounts in a timely manner, additional resources might be needed – or even process automation.
2. How are you maintaining culture?
It’s fair to say that work culture is struggling at the moment. Remote working and high turn over are understandably causing decay, and not only is it a problem for general staff engagement, but it can also be a security risk. New joiners are less likely to have a strong affinity with the organisation or feel that it is a safe space to report incidents if they’re not confident it’s a no-blame space – imagine being the one who reports a breach whilst still on your probation.
Your business may also be dealing with increased staff turnover by relying more on contractors or agencies to fill gaps. These resources will be even less invested in keeping your organisation safe, and an overreliance on them may see morale reduce with your long-standing members of staff. In these cases, have you taken the time recently to review your third-party management? How can you be assured that a vendor or contractor is not going to increase your risk?
Culture needs to come from the top and trickle down through every layer. Senior management must promote all of the security measures you have put in place – policies, training, incident reporting etc. They need to demonstrate why this is important to the business and to each individual, and always reinforce a “lessons learned” approach.
3. Your leavers are creating gaps in your lines of defence, are you filling them?
A recent survey from But 69% of businesses surveyed found that the data and knowledge these employees took with them presented significant or major problems (compared to millennials; 42% and 22% respectively). Losing senior or experienced members of your organisation does have an impact on the security of your information. Many leaders have probably once thought, “If this person won the lottery and left tomorrow, what would I lose from their mind?”
It might be easy to be lulled into a false sense of security that replacements will pick up the same responsibilities and processes as their predecessor. However, this is only ever guaranteed if they are documented and handed over appropriately. Therefore, understanding how much of your security posture is at that state of maturity could give you a much better picture of how dependant you are on individuals. You could be faced with the scenario of a leaver who is happy to take the time to complete a comprehensive handover, but it is a very real possibility that they will be too disengaged and preoccupied closing things down to help. In which case it would be far better to have all that in place as a standard practice.