For any organization, it’s an inevitable fact that at some point, a member of staff will decide to leave. In worse cases you may be forced to ask a staff member to leave the company, but the majority of the time, the split will be amicable.
When either of these happens, an organization leaves itself vulnerable to more than just being a staff member down. There is always the risk that he or she could take important company data with them, whether they mean to or not.
For any business this could be harmful and extremely disruptive, but for a small business, it could ruin them. For this reason, it’s vital to put protective measures in place to ensure company data stays protected when any members of staff leave. Here’s all you need to know about protecting your business data when staff leave.
Plan and put policies in place
As with any business crisis, if you get a robust plan in place to deal with it before it happens, it can lessen the damage done. The same goes for planning what you need to do to protect company data when a staff member leaves.
In most cases, you’d hope that staff leave on a happy note and won’t purposefully cause any data breaches, but you have to plan for every eventuality. Put policies in place long before staff leave, and employ methods to ensure that all loose ends are tied up, and no data can slip through the net.
Prevention is better than cure
Staff members are more likely to steal company data if they feel disgruntled. One of the best policies you can adopt is one that will avoid them feeling disgruntled in the first place. If staff have any issues with you or the organization, then give them the opportunity to provide feedback. Resolve any festering issues that they might have. Get to know individual employees, so that you can suss out if anyone seems unhappy in the workplace. Evaluate if there are any employees who may be looking for a new job or may have the potential to do the dirty on you if they left. Consider tracking their digital activities.
Be aware that it may not just be junior members of staff who are a threat to data snatching; it’s been known that CEO’s or even whole teams have stolen company data in order to start a rival firm. Research carried out by Verizon suggests that 14% of all data breaches in the past year were internal, with malicious intent for financial gain or espionage.
Always keep an inventory of what members of staff have access to what data and devices, so you can keep a check on your assets and ensure that nothing is being used for something it shouldn’t.
Carry out exit interviews
If a staff member decides to leave, then always carry out exit interviews, to obtain a detailed overview of why the person is leaving, where the company might be going wrong, and ways in which you can make changes for the better. Positive steps for a better working environment can help to reduce staff turnover.
If you’re in the unfortunate position that you need to dismiss a member of staff instantly, then don’t allow them to go back to their desk. Retrieve all company devices they have been using and escort them immediately out of the building, so you can be certain that they aren’t taking anything with them that they shouldn’t.
Remove their access to company information immediately and delete and reset passwords or usernames. Ensure that company information is deleted from any personal devices that they may have been using.
When you hire a new member of staff, make sure you have written contractual obligations in place that relates to breach of data security. You’ll be in a stronger legal position if you spell out the obligations from the offset, and it will probably make an employee less likely to perform any data breaches.
A restrictive covenant clause that stops employees from moving to a competitor, poaching clients, or using any data from their time with your company will prevent any misunderstandings, and stop industry secrets being shared.
Only let staff members be privy to sensitive data if they need to be. Limit the number of members that have access to company information and for those that do have, set up robust security systems. By reducing access, you are limiting the likelihood of someone running off with your business information.
Be selective also about what tasks or data you give staff members who are either new to the organization or still on probationary period, or those who are working through their notice period. If a new staff member boasts about being able to provide exclusive data such as company mailing lists that it poached from a previous employer, then who is to say they won’t do the same to you, should they decide to leave?
Lots of organizations use social media as part of their business operations in order to build up a network of contacts, but it can be a troublesome area if people who had access to business social media account decide to leave.
When someone leaves, make sure you revoke any admin access they had to company Facebook accounts, and other social media networks. Change passwords and delete user accounts if necessary too.
Avoid bring your own device policies
Many businesses, especially small ones, have noted the benefits to be gained by allowing staff to work using their own personal devices. It can enable them to work remotely, and can save the business from having to buy equipment for them. However, there are serious risks with implementing this policy, as data breaches and company information being taken when a person leaves are more likely scenarios, as the information is held on the employee’s personal device. If staff need to work remotely, then issue them with company laptops and mobiles so that there is no need for them to add business data to their own devices.
Always do a back up
It’s vital that you always carry out a data backup, so that if any essential business data is lost, you still have it on file. Always make sure that backed up data is encrypted.
Get to grips with IT security features that can help to secure your data. For instance, make sure that you have local disc encryption products and recovery software solutions. Invest in software that allows you to track your assets if stolen and can delete information remotely. You can use tools that protect sensitive data by protecting it with passwords and limiting access. Data loss prevention technology can also detect and prevent certain information from being sent via emails, file-sharing devices, printers, instant messaging and thumb drives.
Published: September 18, 2013