It’s inevitable that employees will leave your organization. When they do, they obviously take their knowledge and skills with them, but they may also take your company data.
Brian Schrader, president at legal information management company Business Intelligence Associates, explains that while security breaches by hackers make the news, the most common threat to data security on a day-to-day basis is actually “employees departing the organization not just by themselves, but taking information along with them.”
That’s why it’s imperative for human resources departments to prioritize protecting corporate data when an employee leaves.
Getting new employees to sign nondisclosure agreements (NDAs) is a good start; however, it’s not quite enough on its own. What HR teams really need is a step-by-step process for offboarding employees to ensure the data employees have accessed or collected during their tenure at the company is secure. Here are some necessary steps to include in that process.
Collect all company-issued electronic devices
The first step to protecting corporate data when an employee leaves is to collect all of their company-owned electronic devices. This is simple enough when employees are in a central location, but with so much of the workforce working remotely, accomplishing this can be a challenge.
“Retrieving managed devices from a remote workforce can be convoluted,” says Anurag Kahol, SVP of Security Service Edge at cybersecurity company Forcepoint. Employees who live near the office can simply bring them in. If they’re farther away, HR can send them packing materials and a prepaid shipping label for each device so employees can return them with minimal hassle, explains Kahol. This may encourage employees to accomplish this task quickly.
If employees use their own devices to access company data, that presents another challenge when it comes to collecting assets. Since you aren’t taking back the physical devices they own, you’ll need to wipe them clean of any sensitive company information. You can accomplish this both onsite and remotely, depending on the distribution of your workforce.
The idea of someone wiping their devices may make employees nervous, so be sure everyone is on the same page up front. Be very transparent with employees about what data you’ll wipe from their devices when they leave.
Planning ahead for any of these situations is critical to protecting corporate data when an employee leaves. But the planning doesn’t stop there.
Look for red flags in the data
Protecting corporate data when an employee leaves requires more than simply collecting physical assets. You’ll also have to retrieve and protect credentials and data. This process is more difficult and delicate than device collection, and it actually starts when you onboard team members.
For example, employees should have access to the data they need to do their jobs and no more. This limits their access to confidential information that they can potentially take with them and use against the company if they leave.
When an employee does leave the company, the first thing to do is disable their access to company systems, such as computers, security, email, and any other platforms. HR and IT teams should also change all passwords used by a departing employee to access data on the company network.
A tool like Jotform Enterprise can simplify the process of protecting corporate data when an employee leaves. Jotform Enterprise allows multiple-user access to a single account from different devices. An administrator controls the access, so when employees leave, the administrator can immediately disable their access and assign their role to someone else. This helps ensure (as much as possible) that the data an employee collects remains at the company because it isn’t tied to a personal account.
Another important step in protecting corporate data when an employee leaves is to audit the activities of all employees, explains attorney William Hammel, partner at Lewis Brisbois. Look for strange activity by both departing employees and those who aren’t leaving. Such activities, notes Hammel, include bulk file copying, multiple attempts at accessing unauthorized data, and suspicious timing of remote access attempts. Any of these may be an indication of a data breach.
Remember, employees will leave your organization, and when they do, data security will have to be your top priority. Plan ahead by specifically addressing asset recovery and data protection in your offboarding processes. This helps ensure company data stays with the company even after employees leave.