As a leader, accounting for employee turnover is a standard component in your continuity plan. The “Great Resignation” of 2021 likely means you’ve been finetuning this process lately. Once their resignation is in, you mutually agree on an end date, post the job description and build the handover plan. Aside from a goodbye party, your work here is done. Right?
But what about your company’s data? If you haven’t built this into your turnover process, you may be leaving your business vulnerable. According to research from Biscom, more than 1 in 4 employees take confidential and sensitive information with them when leaving a company. And many of them reported doing so because their organizations don’t have policies or technology in place to prevent this from happening.
Here are 5 things you should be doing immediately after an employee leaves to mitigate some of this risk:
Any decent employment contract will include covenants with clear language protecting confidential and sensitive data – as well as restrictions about working with or for competitors. Review your contract to confirm which protections are in place and how to enforce those protections in case you need to pursue action against your former team member.
While it’s standard to revoke a former the employee’s access to email, Slack, Jira, Sharepoint and other accounts they used with their corporate email address – the data sharing points below are often overlooked:
Have your team verify whether they shared any other passwords with the former employee via a password manager and end the share immediately.
Although you may feel confident that all access to sensitive data has been revoked, some entry points may have been missed – especially without a formal cybersecurity plan in place. Monitor and audit access to sensitive documents to see if they are being opened by computers or IP addresses outside of the corporate network. Ex-employees may request that current staff provide them with information as well - flag and investigate any unusual activity among your current employees.
While most resignation procedures involve introducing the resigning employee’s contacts (e.g. clients, suppliers, affiliate marketers) to another associate at your company. Some people will invariably either be missed or - being human - forget about the handover process. And if you’re dealing with a termination rather than a resignation, there won’t be time for a handover.
To ensure critical information is not missed, set-up an auto-forward. All inbound communications to the ex-employee’s email address should be sent to a supervisor.
Company-owned devices such as laptops, tablets and phones should be returned before the employee leaves. Unless they are due for replacement, these tools may be passed on to a new employee soon thereafter. To avoid passing on sensitive data, ensure that the devices are thoroughly wiped.
Whether employees should be able to bring their own devices to work or not isn’t a new debate. They’re difficult to restrict and can make your organization vulnerable to several cybersecurity threats. If you have a policy in place to wipe company data off a personal device, ensure this is done to the best of your IT department’s ability.
Most corporate leaders can agree cybersecurity training should always be part of an employee’s on-boarding and continuing education process. It should be just as important when the same employee departs. Implementing these strategies is just the first step towards better cybersecurity for your business. Contact us today to learn how Hitachi Systems Security can enable your business to be proactive about your confidential and sensitive information.