More often than not when an employee leaves an organization, they take company data with them. Some may not even realize they still have access to the data, and others may never do anything malicious with it at all. Even so, it is important to plan ahead in case an employee does leave with the intention of using company data for malicious purposes. In a national study conducted by Biscom, one in four employees leave their job with company data, which shows how large a vulnerability this is for business data. To help prevent it, Biscom CEO Bill Ho offers a set of best practices to implement.
Establish clear employee policies on handling company data and information
Make sure all employees are made aware of company policy when it comes to handling company data. Research done by Network World showed that a huge chunk of employees, 84%, reported there were no policies within their organization preventing them from taking company information. Ensure comprehensive policies are clear, and state that all information, documents, and data created by the employee, or by any employee for that matter, are considered company property.
Incorporate data ownership and handling policies into employee agreements
Make sure the language in such documents is specific and easy to understand, and laid out to employees from Day 1. Clear ramifications and procedures from the start will lessen complaints in the future, as well as any misunderstanding that the policies do not exist.
Add data protection and security discussions to new employee orientation and training
Take time to incorporate data protection and basic security protocols into conversations with employees. Make your team aware of the expectations when handling company data in order to minimize data breaches. Communicate policies on personal devices, social media, and consumer versions of file sharing and collaboration tools. Monitor permission-based access and user controls to the best of your ability.
Understand how to recognize an attack or social engineering ploy
Know when it is necessary to cancel accounts, block access and deny permissions. This is crucial in protecting company data from internal threats. Critical information that is unprotected and exposed can be detrimental to an organization.
Encourage reporting of suspicious activity
Make it very clear to employees that any suspicious activity should be reported immediately. Tell employees whom to notify and what to do in this event. It has been shown that some of the largest breaches of data stem from an internal source. Sometimes these are mistakes made by employees that end up costing the organization a lot of money and data. Teach employees the basics of what is safe and what is suspect.
Train on best practices continuously and often — practice makes perfect
It is advised that quarterly meetings are held to inform employees on data threat prevention. This sets up a safe environment for employees to gain clarity and for supervisors to acknowledge what policies need to be beefed up.
Establish data classification and access permissions – limit access to those who need it, e.g. using the principle of least privilege
Restrict control and access to only the employees that directly require it. Only give permission to information employees need. It is advised that a spreadsheet is kept that lists each employee and their permitted access to tools and apps. This will aid in monitoring who has control as well as what access needs to be blocked once an employee has left the institution.
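The access spreadsheet described above can be reviewed mechanically. The following Python is an added example, not part of the original post: the column names, the per-role baseline and the sample rows are constructed assumptions standing in for an organization's own inventory export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of the access spreadsheet (one row per grant).
INVENTORY_CSV = """employee,role,status,resource,permission
alice,finance,active,payroll-app,write
alice,finance,active,crm,read
bob,sales,departed,crm,write
bob,sales,departed,file-share,read
carol,sales,active,crm,write
carol,sales,active,payroll-app,read
"""

# Assumed least-privilege baseline: what each role actually needs.
ROLE_BASELINE = {
    "finance": {("payroll-app", "write"), ("crm", "read")},
    "sales": {("crm", "write"), ("file-share", "read")},
}

def load_grants(text):
    """Return ({employee: (role, status)}, {employee: {(resource, permission)}})."""
    meta, grants = {}, defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        name = row["employee"].strip().lower()
        meta[name] = (row["role"].strip().lower(), row["status"].strip().lower())
        grants[name].add((row["resource"].strip(), row["permission"].strip().lower()))
    return meta, grants

def review(text, baseline):
    """Split the inventory into grants to revoke and grants beyond the role baseline."""
    meta, grants = load_grants(text)
    revoke, excess = {}, {}
    for name, (role, status) in meta.items():
        if status == "departed":
            # Every grant still listed for a leaver is an open item.
            revoke[name] = sorted(grants[name])
        else:
            # An unknown role has an empty baseline, so all its grants are flagged.
            extra = grants[name] - baseline.get(role, set())
            if extra:
                excess[name] = sorted(extra)
    return revoke, excess

if __name__ == "__main__":
    to_revoke, over_privileged = review(INVENTORY_CSV, ROLE_BASELINE)
    print("Revoke for departed employees:", to_revoke)
    print("Access beyond role baseline:", over_privileged)
```

Running it against a fresh export at each departure and each quarterly review gives a revocation checklist and a list of grants to justify or remove.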
Create a response plan and practice it
Keep a solid information technology company on hand to help mitigate access problems. Always keep an emergency response plan for if/when data has been breached. This creates a clear process for members of the organization to follow in the event of a crisis, avoiding excess chaos. This emergency plan may also be necessary if an employee leaves on poor terms and proceeds to steal or misuse company data they have acquired.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to prevent data from leaving with a departing employee