Employees leaving your organization can open up several potential data-related challenges. Employees often have access to sensitive information within your company. As long as employees work smoothly, you may have relatively few concerns about their access. When they leave, however, you may worry that employees, especially those who may have left on bad terms, will access that data for their own purposes.
Protecting your company data begins well before employees actually leave your company. You can put several best practices into play both before and after employees leave your organization to increase the odds that you can protect your data even through staffing changes and other concerns.
Segment Employee Access
Most of the time, very few employees actually need access to all the data across your organization. Unfortunately, in many businesses, employees have essentially unlimited access. That means a salesperson might have access to the same information as your C-suite—which can mean disaster if that salesperson leaves the organization on bad terms. To help protect your data, segment employee access.
Ask:
- What information do employees need access to perform their job duties?
- Do employees have access to sensitive information they do not need to perform those duties?
- How can you protect your customers and your business by segmenting employee access?
You may even want to limit which customers or projects your employees can see within your system based on the projects they are working on or the part of the project they need to take care of.
Require Authentication
To help protect against data breaches or losses after an employee leaves your organization, ensure you require authentication to access sensitive data. Two-factor authentication may require employees to have access to a company device, which employees should turn in after they leave the company. You may also manually deny access from those devices after employees leave, providing better security.
Know What Employees Can Access
Pay attention to what employees can access. Do you have common platforms employees access through a shared username and password? You may not be able to simply disable that login information when an employee leaves, but you can make sure you change the password.
Do you have a manager who routinely shares his login information with employees directly or who may, for example, keep a post-it with that password information in clear view?
Ensure that your organization has a solid understanding of what information employees have access to—not just the information they should have the ability to access, but the information they may have access to through technically unauthorized means. Encourage managers and other team members to offer transparency into employee access after an employee leaves so that they can shut down that information.
Change Passwords
After a major staffing change, including a case where an employee gets fired, you may need to change passwords across your organization. While not every password necessarily needs to get changed, carefully consider what information an employee could have accessed while with the organization, especially when it comes to an employee you believe may have malicious intent toward your organization.
Ask:
- Did the employee have access to a coworker’s username or password for any reason? You should have that employee’s department members change their passwords to avoid a potential breach.
- Did the employee have access to a manager’s password or login information? Some management team members will share that information with their employees to provide easier access to information. You may need to change that access information when employees leave the organization.
- Do you have any standard login information used by a large number of employees? If that information provides access to sensitive data, you may need to change those passwords whenever an employee leaves.
Create a policy that clearly lays out when you will need to change passwords and what passwords you need to change so that you have a solid idea of exactly what needs to change when an employee leaves your organization.
Develop and Consider Device Policies
Many organizations have policies allowing employees to bring their own devices or use them during their usual job duties. Other times, employees may end up using company-owned devices for private use: for example, if the company issues a cell phone, employees may use that as their primary phone, which means they may have private information stored alongside company data. Employees may then expect to keep the device after leaving the company.
Carefully consider your device policies and how they could impact your company. Ensure you have strategies for removing company data from personal devices before employees leave. In cases where employees may have private data stored on company devices, you should also have clear policies about how and when employees must remove that data when leaving the company.
Train Your Team
Management team members must know the potential data-related challenges employees can cause when they leave the organization. Make sure your management team stays abreast of potential problems and knows how to avoid them. For example, managers may need to consider when they revoke employee access after firing an employee, policies about escorting an employee out after firing, or how to handle any employee requests to get back on the system for any reason after firing.
Get Help Protecting Your Organization
Security is a critical part of your organization, whether you need to consider how to handle security concerns when employees leave your company or know more about protecting your data against scammers. Contact an IT specialist to learn more about potential problems that could increase the risk of a breach in your organization and available solutions.
