- New research shows that layoffs can lead to cyber attacks by disgruntled employees.
- Thi Tran, IT expert and professor, explains how companies can protect themselves from breaches.
- This article is part of the “Security Playbook,” a series that outlines cybersecurity tips and strategies.
Losing wages can leave employees feeling angry, stressed, and worried about their finances. New research shows that they can also increase the desire for revenge, which can put companies at risk of cyberattack.
The study, titled “The Impact of Layoffs Announcements on Cybersecurity Media,” examines the behavior of people affected by job cuts, including whether they want to “punish” what they consider “bad business” by hack, said Thi Tran, assistant. A professor of management information systems at Binghamton University led the study.
Thi Tran is an IT professional specializing in cybersecurity research. Courtesy of Binghamton University
Tran, who presented the study at the Pacific Asia Conference on Information Systems in Vietnam in July, said the research was inspired by companies across industries cutting jobs.
“I know how horrible it is that layoffs can cause anger and can destroy people’s lives,” he said. “I also know that it’s dangerous when people get angry – they can do a lot of bad things.”
Tran discusses what companies need to know about the link between layoffs and cybersecurity breaches and how organizations can mitigate their risks.
This interview has been edited for length and clarity.
Why do service interruptions put companies at risk of cyber attacks?
We may think that hackers are empowered when they have the skills, but in most cases it is because they are motivated and motivated. Dismissal can trigger revenge, and they are likely to fight back.
Our research shows that the result of the eviction campaign is the chance of being attacked and that the rate will be high because the attackers are trying to do bad things.
Insider threats, such as ex-employees, are a serious threat because they are aware of all systems, security and policies. Therefore, they can do a lot of damage to the company when they are pushed by the layoff. Imagine that the fired employee works for the IT department or the security department: They know about every aspect and how to pass all security levels.
How can companies protect themselves when announcing layoffs?
You must terminate terminated employees’ access to the system shortly after informing them; Declare too early and lose access later can open the door to cyber threats.
However, companies should send messages to employees to minimize the impact of layoffs and explain the reasons for termination. Something like: “This is an unfortunate situation. We know this is difficult for you, but this is what we have to do for the entire company.” Remind people of their connection to the company and the importance of data security.
Prepare for the worst case scenario. Think about the potential losses and costs of the breach and how you can strengthen security, such as with antivirus software, intrusion detection systems, firewalls, and warnings about suspicious behavior.
Then, you will know in advance that there is something wrong with the system, and the sooner you know, you can reduce the damage. But you can’t eliminate 100% of potential risks.
What does social work do?
An eviction notice can bring negative publicity. They can send the message that your company is doing something harmful to society or is having financial problems or bad leadership. This can lead to someone looking to hack your company.
To help reduce attacks, promote and emphasize your company’s social responsibility, which is the company’s name and image, and demonstrate the company’s commitment to social responsibility and the environment.
Being proactive and emphasizing data security practices during layoffs can reduce the risk of data breaches in those situations. It will build trust between stakeholders.
What areas of data breaches and data breaches do you plan to study next?
We want to collect publicly available records that show the date of the eviction notice and the date the violation occurred. We will try to see if there is any association.
I want to examine people about their abilities and skills to create a fight in the company and how social work affects that decision. We wanted to capture online and social media conversations to document positive and negative feelings about a company after announcing a layoff.
There are many things we want to explore that we hope can help guide policy on how companies can prepare for worst-case scenarios and reduce the risk of data breaches after a layoff is announced.