Employees come and go; it is a stark reality of the corporate world. Unfortunately, half of employees who leave their jobs also take confidential corporate data with them according to research conducted by Symantec in 2013. And 40% of them intend to use such data in their new jobs. You need to take proactive measures to protect your data when your employees move on, because the consequences could be severe for your business if you don’t.
Many employers may assume the risk of losing sensitive data mostly comes from outside attacks and therefore do not have a well-established data security policy regarding their own employees. In fact, the 2014 US State of Cybercrime Survey indicated that insiders caused 37% of reported cybercrimes. And this threat does not only come from disgruntled employees with malicious intentions. Some employees think it is acceptable to keep and use the data they created.
Compounding this problem is the proliferation of BYOD (Bring-Your-Own-Device), which makes it easier for departing employees to leave with the data in their devices, and not to mention such devices when connect to the enterprise network may compromise the security measures. To what extent can the company access and control the employees’ devices to enforce data protection policies?
Below is a guide to safeguard your critical data from leaving with your departing employees:
You must explicitly let employees know that taking confidential corporate data is wrong or even a criminal act. Conduct proper training on data protection policies. The training should include not only what to do, what not to do, but also the reason why the policies must be followed. Make sure your employees are aware that you have strong security measures in place and any violation will bring negative consequences. Enforce a detailed non-disclosure agreement.
Centrally manage all access
According to a survey by Lieberman Software, more than 13% employees still can access their previous businesses’ systems simply because their credentials were not deactivated. Make sure you can centrally manage and control all employees’ accounts in your networks, applications, email, or social networks. And quickly terminate this access when an employee leaves. There should be a detailed procedure in place to share responsibility between the IT and HR functions regarding deactivating departing employees’ accounts. This process may start even before an employee leaves the company. If a senior person who has access to critical data is let go, IT may need to start removing access even before HR gives that employee the bad news.
There are plenty of technical solutions to safeguard your data. Endpoint security is probably one of the most effective. Endpoint is often defined as an end-user device, such as laptop, smartphone, tablet, that connects to an organisation’s network. In contrast to network security, which secures the network as a whole, endpoint security dictates that each single endpoint, or device, has to be secured first and foremost. A simple example of endpoint security is when anti-virus software is installed on each laptop. Advanced endpoint security, however, usually encompass both centralised measures deployed from central servers and security software installed on individual devices.
Once an endpoint security is deployed, IT function can track and manage who have which data, when and on which devices. It could prevent intentional or unintentional transfer of data from endpoints to removable storage devices such as thumb drives. It is also capable of encrypting your corporate data on endpoints, or preventing the execution of unauthorized programmes. Therefore, endpoint security offers a comprehensive protection against data loss and increases the deterrence against intentional data stealing.
Create a happy work environment
Even a happy employee could cause confidential data loss due to mere ignorance or carelessness. Discontent employees, however, are much more likely to take things with them when they leave. A research by the Ponemon Institute found that 61% of respondents who had negative views about their employers stole data.
Actively monitor key people
The more senior an employee, the higher the risk of data loss that employee could pose. If you think one of your key employees is interviewing with another company, for instance, you may want to pay attention to that person’s digital activities.
When it comes to data protection, it is essential that employers stay proactive and use a multipronged approach, which combines technology, human, and organisational measures. You can find out more about this issue by downloading our White Paper “IT Pros Guide to Data Protection”.