Thought Leadership

Employee Onboarding and Offboarding Play an Important Role in Cybersecurity

Employee Onboarding

(August 29, 2022) The Great Resignation is having a significant impact on businesses. Organizations continue to experience historically high rates of turnover, as workers seek better opportunities and greater work-life balance. Just 21 percent of employees say they’re engaged at work, according to Gallup’s State of the Global Workplace: 2022 Report. Almost half (44 percent) say workplace stress is at an all-time high.

Low unemployment has created an employee’s market, with 45 percent of workers saying that now is a good time to find another job. That’s bad news for American businesses, which lose $1 trillion annually due to employee turnover.

Security threats are a hidden cost of today’s dynamic job market. Every time an employee leaves and a new employee is added, the risk of a security breach increases due to inadequate training, ineffective operational processes, and insider threats.

That’s why employee onboarding and offboarding play an important role in cybersecurity. The onboarding process should set the tone for the organization’s security policies and reinforce a security culture in which everyone shares responsibility. The offboarding process should ensure that all potential security holes are closed and the employee doesn’t leave with any sensitive IT assets.

Starting Off Right

New employees who don’t know the organization’s security policies and processes are more likely to make mistakes and mishandle sensitive information. According to a recent study by the Ponemon Institute, security incidents involving employee negligence cost an average of $307,111.

Cybercriminals monitor LinkedIn and other social media sites for job changes so that they can specifically target new employees with social engineering attacks. Once an employee is inside the company and has access to IT resources, they need to know how to protect those assets.

The onboarding process starts with granting new employees access privileges appropriate to their roles. Organizations should follow the principle of least privilege access to maintain control over sensitive applications and data. New employees should also receive cybersecurity training, and the training should be repeated frequently to reinforce the concepts.

Shutting Down Access

Offboarding is especially critical to cybersecurity. Employees leave with significant knowledge of the company’s IT assets — usernames and passwords, directory structures, and the locations of sensitive files. Even if it seems like an employee is leaving on good terms, failing to shut down access to systems and data leaves the company open to security breaches and sabotage.

It’s important not to wait for an employee’s sudden departure and scramble to figure out what steps to take. A well-thought-out offboarding process that’s uniformly applied across the organization will greatly reduce security risks.

IT teams should be able to generate an audit report of user activity to identify all of the employee’s user accounts. Nevertheless, it doesn’t hurt to ask departing employees what accounts they access — there may be data stored in the cloud that IT doesn’t know about.

All data associated with that user should be migrated so that accounts can be shut down along with company email and network access. Time is of the essence. Ideally, access will be fully revoked before the employee leaves the building. Of course, company-issued ID cards, keys, and IT equipment should be returned.

High turnover is likely to continue for the foreseeable future. By evaluating, documenting, and testing onboarding and offboarding processes, organizations can help employees succeed and reduce the risk of a security breach.


Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting custom software development and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution