8 Steps to Protect Your Company Data When People Leave

It would be nice to think that your organisation is a big happy family with no employee turnover, but that’s not realistic. Some level of staff turnover is natural for all businesses. And when employees leave, you may be opening the door to a data leak or compliance risk.

In this article we cover what you need to know to better secure your business when someone leaves.

When people leave, data should not go with them

Employee turnover is costly for many reasons: productivity can lag, you may lose institutional knowledge, and you have to recruit and train new talent. But have you thought about the risks to your data security? An exiting employee who takes data or accesses your systems puts sensitive information at risk.

This article outlines steps you can take to protect your data:

  • Find out more about the risk when people leave your organisation.

  • Learn how to create a culture of security throughout employee tenure.

  • Explore strategies to prevent turnover.

  • Read about the ways an IT Managed Service Provider helps protect data.

Understanding IT risks related to employee turnover

There are times when you have to let employees go, but in this age of the Great Resignation, you may have more people leaving voluntarily. They could be younger workers who see greener pastures elsewhere, or older workers ready to retire. Problems arise if employees take data with them or leave with continued access.

When people exit your company, whether on good terms or not, they represent a data risk. Due to BYOD (bring-your-own-device) policies, they could have company data on a laptop, tablet, or smartphone. They may also have user accounts set up for business software on those mobile devices.

With people working remotely or on their own devices, there may also be questions about professional or personal data. Your business may need to consult with a lawyer about who has rights to what data and work done.

Someone leaving involuntarily might also remove data from your company with ill intent. They could download data to a portable thumb drive (USB drive), or transfer information to the cloud for continued access after leaving. They might release data publicly, sell it to criminals, or take it to your competition.

What can you do to offset the risk?

1. Begin at the beginning

Obviously, you want to hire honest people with the right intentions for your business. Then, when you are first onboarding new employees, educate them about data security. Ensure they understand the importance of strong passwords, encryption, and saving information securely. That means using a secure server or using the business’s cloud storage rather than a local machine.

 

2. Provide ongoing training

If you have data compliance requirements, offer ongoing instruction about regulations. Keep employees current on treatment of confidential data, whether working for you or leaving.

Cover what they can and cannot use to access corporate data, especially intellectual property or trade secrets.

3. Develop a security culture

Onboarding and training prove your business prioritises security. Also, set clear policies on visibility into employee practices, data encryption, and backup.

If you are going to allow people to use their own devices, use remote management to monitor that activity. When someone does leave you, immediately go in and secure or remove company data.

4. Monitor employee behaviour

Have a clear overall picture of who is accessing what and from where. Knowing where resources are, and which employees use them, can help you spot questionable behaviours. For example, people regularly download documents or send information to the cloud, but is someone suddenly doing that a lot more? That may mean they are preparing to leave and could be taking data with them.
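One way to turn "suddenly doing that a lot more" into a check is to compare each person's daily download count with their own history, so that steady heavy users are not flagged. This is an added example, not part of the original article; the log format, names, and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log: "date user files_downloaded", one line per user per day.
SAMPLE_LOG = """\
2024-03-04 alice 11
2024-03-04 bob 40
2024-03-05 alice 9
2024-03-05 bob 38
2024-03-06 alice 12
2024-03-06 bob 45
2024-03-07 alice 10
2024-03-07 bob 42
2024-03-08 alice 13
2024-03-08 bob 39
2024-03-11 alice 11
2024-03-11 bob 41
2024-03-12 alice 140
2024-03-12 bob 44
"""

def parse(log):
    """Group (day, count) records by user."""
    per_user = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            day, user, count = line.split()
            per_user[user].append((day, int(count)))
    return per_user

def flag_spikes(per_user, min_history=5, k=6.0, floor=20):
    """Flag days far above a user's own baseline.

    Baseline is the median of that user's earlier days; spread is the median
    absolute deviation (MAD). 'floor' suppresses alerts on tiny absolute counts.
    """
    alerts = []
    for user, days in per_user.items():
        days = sorted(days)  # ISO dates sort chronologically
        for i, (day, count) in enumerate(days):
            history = [c for _, c in days[:i]]
            if len(history) < min_history:
                continue  # not enough history to judge this user yet
            base = median(history)
            mad = median(abs(c - base) for c in history) or 1.0
            if count >= floor and count > base + k * mad:
                alerts.append((user, day, count, base))
    return alerts

if __name__ == "__main__":
    for alert in flag_spikes(parse(SAMPLE_LOG)):
        print("review:", alert)
```

In the sample, bob downloads about 40 files every day and is never flagged, while alice's jump from about 11 to 140 is.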

5. Limit access to data

Having a full map of your IT and employee roles can also help you to limit access. Taking a least-privilege approach is the safest route. This allows someone to have access only to what they need to get their job done, nothing more. This can help cut the damage if someone inadvertently or intentionally takes data.

6. Prioritise data protection

Put policies in place to force people to save important work to secure locations. Good data backup is critical. This can help you recover more quickly in the event of a malicious attack. It can also be useful if someone inadvertently deletes something important while trying to wipe devices clean for a new user.

7. Have an exit policy

Your employment contracts need clear language about protecting sensitive and confidential data. Reiterate those terms when someone leaves. If the employee has access to your social media, ensure they are no longer able to log in and post.

Also, establish a procedure for proper data removal from employee devices. Enlist IT to clear corporate technology and wipe employee personal devices.

8. Communicate internally

Make sure all relevant parties know about terminations immediately. If Sue leaves accounting but IT doesn’t know for a week, that could leave you exposed.

Know who needs to know about terminations to remove logins and close accounts. Expect prompt action to change passwords on shared accounts or blacklist terminated employees.
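The gap described in step 8 can be checked by reconciling the HR leaver list against account exports. The following is an added example, not part of the original article; the record layouts, system names, and dates are constructed assumptions rather than any product's schema.

```python
from datetime import date

# Constructed sample data (hypothetical fields and names).
TODAY = date(2024, 5, 13)
TERMINATIONS = {"sue": date(2024, 5, 3), "raj": date(2024, 5, 10)}
ACCOUNTS = [
    {"user": "sue", "system": "accounting", "enabled": True,  "last_login": date(2024, 5, 8)},
    {"user": "sue", "system": "email",      "enabled": False, "last_login": date(2024, 5, 2)},
    {"user": "raj", "system": "crm",        "enabled": True,  "last_login": date(2024, 5, 9)},
    {"user": "ana", "system": "email",      "enabled": True,  "last_login": date(2024, 5, 12)},
]
SHARED = [
    {"name": "social-media", "members": {"sue", "ana"}, "password_changed": date(2024, 1, 15)},
    {"name": "bank-portal",  "members": {"raj", "ana"}, "password_changed": date(2024, 5, 11)},
]

def offboarding_gaps(terminations, accounts, shared, today):
    """Return (finding, user, target, days) tuples for leavers who still have access."""
    findings = []
    for acct in accounts:
        left = terminations.get(acct["user"])
        if left is None or left > today:
            continue  # still employed, or leaving date not reached
        if acct["enabled"]:
            # Account was never disabled: report days of exposure so far.
            findings.append(("still_enabled", acct["user"], acct["system"],
                             (today - left).days))
        if acct["last_login"] > left:
            # Someone used the account after the leaving date.
            findings.append(("login_after_exit", acct["user"], acct["system"],
                             (acct["last_login"] - left).days))
    for s in shared:
        for user in sorted(s["members"]):
            left = terminations.get(user)
            # A shared password not rotated since the leaver's last day is still known to them.
            if left and left <= today and s["password_changed"] <= left:
                findings.append(("shared_password_stale", user, s["name"],
                                 (today - left).days))
    return findings

if __name__ == "__main__":
    for finding in offboarding_gaps(TERMINATIONS, ACCOUNTS, SHARED, TODAY):
        print(finding)
```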

Why do people take data with them?

There are three main reasons employees take business data when leaving a company:

  1. They do it unwittingly.
    They don’t even realise that they have data they shouldn’t on their personal devices.

  2. They don’t think they’re doing anything wrong.
    Maybe they did the work to create that data, or they don’t see that data as something that is valuable enough to protect.

  3. They are not happy.
    They may be upset about being let go or being passed over for a promotion. They may intend to leak the information, sell it to criminals, or use it to their own personal advantage.

Keeping employees happy helps, too.

Another way to stem disgruntled employees leaving with your data is to engage employees and give them meaningful work. Build a workplace where people want to work. Some strategies to help encourage employee loyalty, while also boosting productivity, include:

  • Welcome feedback. Make it obvious you’re willing to hear from employees. Then, where possible, act on what the employees say. This shows you respect their input and helps everyone feel more involved at work.

  • Encourage risk-taking. People like to feel challenged, and those who do are less likely to look elsewhere for work. Make yours a company where people feel safe trying new things or making fresh suggestions.

  • Set goals. Help individuals identify challenging areas. You don’t want to make the goals too difficult, as that could lead to the frustration you are aiming to avoid.

Outsourcing security steps up your posture

Enlisting an IT Managed Service Provider (MSP) is one more way to cut risks when employees move on. The MSP can establish content management solutions and set up virtual desktops. These experts can also help with cloud solutions, encryption, and access authentication. They can provide valuable guidance for isolating sensitive data.

The MSP can remove employee access, wipe devices, and disable accounts. If a disgruntled employee deletes or corrupts files, the MSP can implement backup and recovery to get you back on track.


Want to find out more about how an MSP can help protect your data and improve your cyber security posture? Book a call with Swerve today.
