A recent global Kaspersky study on the behaviour of small and medium businesses during crises shows staff reductions may cause additional cybersecurity risks.

Yet only 51% of organisations’ leaders are confident that their ex-emploees don’t have access to company data stored in cloud services, and just 53% are sure that former workers can’t use c

orporate accounts.

According to studies team retention was the top priority for almost half of organisations throughout the pandemic, many businesses still might have to resort to job cuts in order to reduce costs during hard times.

Kaspersky surveyed more than 1 300 business leaders in small and medium-sized organisations across the globe to learn what tactics they chose to keep their business afloat, and what cybersecurity risks anti-crisis measures could bring.

Given that almost half of respondents couldn’t confidently claim that their ex-employees didn’t have access to their company’s digital assets, reductions in staffing may put the safety of data and company livelihood at additional risks.

Ex-employees misuse of data in new jobs or to drum up business for themselves were major concerns for bosses. The survey results suggest that most business leaders worried that former employees will share the company’s internal data with new employers (63%) or use corporate such as previous client databases, to launch their own business (60%).

Overall, 31% of respondents consider reductions in employment as a possible measure to cut costs in case of a crisis.

Other popular cost-cutting steps include a decrease in spending for advertising and promotion (36%) and vehicles (34%). Cybersecurity, on the other hand, appeared not to be an area of the business where leaders would prefer to save budget.

“Unauthorised access can become a huge problem for any business, affecting the competitiveness of a company when corporate data is transferred to a competitor, sold off, or deleted,” explains Alexey Vovk, head of information security at Kaspersky.

“This problem becomes more complicated when employees actively use non-corporate or ‘shadow IT’ services which are not deployed or controlled by corporate IT departments. If the usage of these services is not managed after an employee is dismissed, there is little chance that access to information shared via these applications will be shut off for a former worker”.