What to do when somebody leaves your company?
Well, from a security standpoint the answer might be that it might be too late. The damage may have already taken place.
There are some things that can be put in place that help a bit, like changing the locks and passwords to secure access areas, but the reality is that the worse may have already happened.
In a famous study in 2009, almost 60% of terminated employees have admitted to taking confidential data prior to their departure. It, therefore, stands to reason that a business should (1) protect against this risk, and (2) implement an early warning system that a breach may occur.
So let’s address this from a different perspective because hindsight is always 20/20 and we can learn from those who have been here before.
What do you do before somebody leaves the company?
The most important area of protection related to your staff is limiting their access to data, assets, and intellectual property. In this regard, it becomes quite easy to deal with the departure of a staff member, if you have to.
Identify who needs to know what, and grant access accordingly. It is not disrespectful to create this restriction, it is just good business practice. Treat it as business and let folks know on the front side it isn’t personal.
It may take some IT resources but the access control needs to be both physical and virtual. Most data, if not all, is stored electronically. A quick scan of your system will identify how much data is available to everybody. At this point, follow the same exercise and create gates to restrict access from those who simply solo not need access.
Clear and Concise Policies
Often times companies frown on creating too many policies, for fear of being too restrictive, or to avoid employees feeling that the company has “too many rules”. Policies should be viewed as a positive approach to offering guidance on how to operate. And those policies should clearly speak to how assets and data are to be treated.
Know your Employees
Let’s make an assumption here – when an employee notifies their employer that they are leaving, the employer is rarely if ever the first to know. That’s because leaving a job takes thought and time, and the departing employee usually consults with somebody else before they make their decision.
Read the Signs, they are right in front of you.
You probably heard it many times before “an employee does not quit a job, they quit a person”. Perhaps their immediate supervisor or somebody else, but there is typically an event that takes place that leads up to the employee leaving. In any event, the signs are there and cautions should be exercised if the risk is high.
From a data standpoint, large files being downloaded should require secondary authentication, or at a minimum register a warning to your IT department that the files are being accessed.
If the proper preventative measures are in place, the departure of an employee, while unfortunate, should not pose a risk to the organization.
If however you do not have these practices in place and suspect a departing employee has accessed information, a quick call with your legal counsel will offer you options that can place a legal requirement on the employee to surrender the documents.
The bottom line is this; most companies protect assets they believe to be vulnerable. few companies include “intellectual property” in that bucket.
- We live in a Smart World - June 11, 2021
- Security Gates - April 29, 2020
- Five Considerations before embracing a theft/arrest program - March 12, 2019
- Little Black Book of Scams - December 10, 2018
- Shoptheft Protocol - December 10, 2018
- When all Hell Breaks Loose - November 23, 2018
- What do I need to do to Protect my Business? - November 9, 2018
- Communicate - November 9, 2018
- Workshop – Dealing with Aggression - October 30, 2018
- Wait – my photocopier has a hard drive??? - October 29, 2018