Does your data stay put when your employees move on? Maybe not. Nearly 60% of employees steal company information when they leave or are fired with 67% of them taking it to a new job, according to a study by privacy and data protection research firm, the Ponemon Institute. Yet only 15% of respondents’ employers performed any sort of review of the digital or paper documents employees were taking.
You, however, should take more protective measures. Well before employees leave, you should have a plan for how you’re going to protect the data. This includes extra measures for dreaded scenarios such as the departure of a disgruntled senior manager or IT administrator.
Here’s a guide to preventing data from walking out the door with departing employees:
Know your people and keep them happy
Get to know your employees and determine who may pose more of a risk, either because they have their fingers on your crown jewels or because they seem unhappy or volatile. Be suspect of new employees who offer to deliver customer lists or other secrets from their previous employer. You could get the same treatment when they move on again.
Cultivate a happy work environment. Content employees tend to be more loyal, while the disgruntled have fewer qualms about taking things. The Ponemon study found that 61% of respondents who were negative about their company stole data, while 26% with favourable views did so.
Spell out rules of acceptable and unacceptable use of company information and create a culture of confidentiality. When crafting policies, begin by asking yourself: “What is valuable to my organisation?” For example, a jewellery company concerned about its designs might want to prohibit employees from transferring design documents to personal email or Dropbox accounts.
To boost compliance, explain the reasons for your rules, emphasizing the company’s data-control needs rather than communicating distrust of your workers.
Have employees sign an agreement that affirms their understanding of the rules and the need to keep company secrets confidential.
You might consider having employees in particularly sensitive roles sign separate confidentiality and non-compete agreements. Such agreements can set a tone of seriousness that can prevent misbehaviour and strengthen your legal hand in trying to compel a pickpocket to return what he or she took.
SMEs could even go under if they don’t take an aggressive position. If companies in competitive fields don’t take precautions, they’re open game for people to come and pluck their information and their people.
Put technology controls in place
Protect your sensitive data with technology controls that limit access. Sales people, for example, shouldn’t have access to design blueprints. Use tools such as Active Directory from Microsoft or more advanced identity-management software from Microsoft and many others.
You may also want to protect sensitive data. Microsoft provides tools for protecting documents with passwords, encrypting files and folders, and designating who may access a file. Also consider WatchDox, which offers higher-end controls for documents on computers and mobile devices (prices vary). Installing software on laptops and smartphones can allow you to wipe their contents remotely.
Another option is data loss prevention (DLP) technology, which can detect and stop data from slipping through exit points, such as email, instant messaging, thumb drives, file-sharing services, printers and
Monitor key employees before they depart
If you’re in a risky situation with an employee – you think a salesman is interviewing with a competitor or a top designer has given notice, for instance – consider tracking that person’s digital activities.
Terminate access quickly
Move fast to cut off departing employees’ access to the company network, applications, email accounts and physical files. If such workers used your company Twitter or Facebook pages, change the passwords. Ask yourself what other cloud-service accounts you might need to secure. Backupify can help you remove data from Google Apps ($3 per user per month) when employees leave.
People you fire or lay off should be escorted out and watched to make sure they don’t take anything that doesn’t belong to them, including mobile devices and thumb drives. Review email and other activity during an exit interview or, if you’re really concerned, hire a forensic expert to investigate.