The impact of mass layoffs on IT teams: challenges and solutions
The tech industry has experienced a significant increase in layoffs, with the number of tech employees laid off in 2022 surpassing the combined total of 2020 and 2021. Factors contributing to these layoffs include economic downturn, inflation, higher interest rates, over-hiring, and the COVID-19 pandemic's job correction.
The large-scale layoffs in the tech sector have caught public attention due to the size of tech companies, the number of people affected, and the high-profile brands caught up in the downturn. Recent mass layoffs have come from major companies such as Zoom and Meta, which goes to highlight the almost boom and bust of the pandemic’s impact.
Furthermore, some company layoffs have put a spotlight on the significant impact IT and software engineering teams have in such companies. Twitter is a key example, where the departure of key team members raised concerns about the loss of crucial knowledge and the potential risks associated with IT infrastructure. There have been numerous outages and bugs since Elon Musk’s widespread sackings, and features such as Twitter Blue have been released only to be pulled days later.
Layoffs in IT teams present unique challenges, primarily due to the loss of undocumented knowledge. IT professionals often possess critical information about the organisation's IT infrastructure, including the inner workings of systems, firewalls, API keys, and other technical aspects. Organisations may need help understanding and managing the existing technology landscape when these individuals leave, leading to potential vulnerabilities and disruptions.
Furthermore, the concept of ‘tech debt’ becomes evident during layoffs. Tech debt refers to the accumulated challenges, inefficiencies, and outdated practices within an organisation's IT systems. With the departure of key team members, this tech debt may surface, exposing vulnerabilities and hindering the organisation's ability to adapt and innovate effectively.
Layoffs profoundly impact individuals who are let go, and this human element cannot be overlooked, particularly in cyber security. Disgruntled former employees may pose an increased risk to an organisation's cyber security posture, as they possess insider knowledge and may exploit it maliciously. Organisations must consider layoffs' emotional and psychological impact, ensuring that proper measures are in place to support departing employees and minimise potential risks.
A further aspect to consider is the potential risk of employees taking data with them to benefit their next role or because they believe the data to be their own. A significant number of employees take data they created with them when they leave a company. This highlights the importance of implementing proper security measures and educating employees about the company's policies on data removal.
In fact, a recent survey found 87% of respondents admitted to taking data they had created with them when they departed from their previous job. The survey revealed that employees feel a sense of ownership over the data and documents they produce, leading them to believe they have the right to take it with them. This behaviour can be driven by the perception that the data will be useful in their new role or because they believe they have a personal claim to it.
While the survey indicated that respondents did not have malicious intentions and did not take data protected by privacy regulations, it highlighted the prevalence of intellectual property (IP) theft. A significant 25% of respondents admitted to taking intellectual property, which can be a significant concern for organisations as it represents their competitive edge.
To mitigate the risks associated with layoffs in IT teams, businesses should implement several robust solutions. First and foremost, identity governance and access management systems are crucial. These systems ensure that access to sensitive information is controlled and monitored, reducing the potential for unauthorised access or data breaches.
Additionally, organisations should focus on implementing robust cyber security measures, including regular security assessments, penetration testing, and ongoing monitoring of systems. By maintaining a strong cyber security posture, businesses can reduce the likelihood of breaches and minimise the impact of departing team members.
Outsourcing with managed services is another viable option. Partnering with external cyber security experts can provide access to specialised knowledge and resources, ensuring security expertise is maintained even during restructuring or layoffs. Managed services can help fill the gaps created by the departure of internal IT team members, providing continuity and enhancing the organisation's overall cyber security capabilities.
Stakeholders, including executives and board members, play a vital role in decision-making processes regarding layoffs. They should take a holistic approach, considering the immediate financial benefits and long-term consequences. By valuing the expertise and knowledge of IT teams, organisations can make informed decisions that ensure the continuity of operations, minimise cyber security risks, and foster a healthy work environment.
To mitigate the risk of data theft during layoffs, organisations should also implement policies and procedures relating to the issue, and educate employees about the existence of such policies, ensuring they understand the consequences of violating them. Monitoring user behaviour, using technologies like behavioural analytics and data exfiltration monitoring, can also help identify suspicious activities and prevent unauthorised data transfers.
Providing employees with better, more secure file-sharing tools that the organisation can monitor is another strategy to discourage data exfiltration. By offering convenient and controlled file-sharing options, companies can reduce the temptation for employees to transfer data to personal accounts or external devices since they’re aware they will be caught.
Of course, regular security awareness programs can also play a vital role in shaping employee behaviour and reinforcing the importance of data protection. These programs should communicate the organisation's policies regarding data removal and the tools used to enforce them.
While it may not be possible to eliminate the risk of data theft during layoffs, taking proactive measures and creating a culture of data security can significantly reduce the likelihood of intellectual property loss and protect the organisation's valuable assets.
In conclusion, alongside the challenges posed by the loss of undocumented knowledge and tech debt, mass layoffs in IT teams also raise concerns about data security and intellectual property protection. Organisations must address these risks by implementing robust policies and procedures, educating employees about their responsibilities, monitoring user behaviour, and providing secure file-sharing tools. By taking proactive measures to safeguard data and intellectual property, businesses can mitigate the potential harm caused by data theft during workforce transitions and maintain their competitive edge in the market.