News
Twitter layoffs bring cybersecurity risks, expert finds
November 2022 by Carlos Salas, engineering manager at NordLayer
Twitter employees reported abrupt cutoffs from the company’s email and Slack, as the now Elon Musk-owned company began laying off 3,700 staff members — only to ask dozens of them to come back less than a week later. With major market players like Meta and other major tech companies announcing massive layoffs, Carlos Salas, engineering manager at NordLayer, explains why the company’s actions can harm its IT infrastructure.
Even before the mass layoffs at Twitter were announced, the company’s employees started abruptly losing access to the company’s internal communication systems, including Slack and email. Shortly after, the company reached out to dozens of them again, asking them to return to work, meaning it would be giving system access back to the employees from whom it just withdrew it.
“This situation carries a few potential risks for the company,” says Carlos Salas, engineering manager at NordLayer, Nord Security’s network access solution for business. “Employee turnover is one of the main reasons for data loss within companies. The abrupt account cutoffs are understandable in this sense, but the fact that Twitter called several people back shortly after is risky. Employees’ trust was most likely shaken by this unexpected decision that lacked clear instructions. Restoring their accounts might lead them to use those accounts to access and acquire internal data in the event the situation happens again. We don’t know to what extent what information certain employees can access, but the company’s history of data breaches, with the latest one happening in August 2022, doesn’t indicate sufficient data protection measures.”
“Cybersecurity and managerial decisions go hand in hand,” explains Salas. To ensure that internal company changes are made as smooth as possible, Salas suggests businesses pay attention to the following measures:
1. It’s crucial to give employees clear instructions and explanations about everything that happens with their accounts and data before denying them access to anything. Abrupt cutoffs without proper information will lead to a decline in trust and potential data loss.
2. Network segmentation is a great practice for companies to provide staff with access to only the parts of the company network they need for work. It can help structure internal information and control who has access to it as well as limit the system load.
3. Companies should rely on up-to-date, zero trust model-based network protection solutions that will help them to stay in control of internal data without putting excessive pressure on employees even in times of rapid organizational change.
