More often than not when an employee leaves an organization, they take company data with them. Some may not even realize they still have access to the data, and others may never do anything malicious with the data at all. Even still it is important to plan ahead in the event that an employee did leave with the intention of using company data for malicious purposes. In a national study conducted by Biscom, one in four employees leave their job with company data, showing how this is a great vulnerability hole for business data. In the act of prevention, Biscom CEO, Bill Ho, offers us a best practices to implement.
Establish clear employee policies on handling company data and information
Make sure all employees are made aware of company policy when it comes to handling company data. Research done by Network World showed that a hude chunk of employees, 84 %, reported there were no policies within their organization preventing them from taking company information. Ensure comprehensive policies are clear, and outline that all information, documents, and data created by the employee or any employee for that matter is considered company property.
Make sure the language in such documents is specific and easy to understand, and immediately laid out to employees from Day 1. Clear ramifications and procedures from the start will lessen any complaints in the future, as well as miscommunication that the policies do not exist.
Take time to incorporate data protection and basic security protocols into conversation with employees. Make your team aware of the expectations when handling company data in order to minimize data breaches. Communicate policies with personal devices, social media, and consumer versions of file sharing and collaboration tools. Monitor permission-based access and user controls to the best of you ability.
Know when is the necessary time to cancel accounts, block access and deny permissions. This is crucial in protecting company data from internal threats. Critical information that is unprotected and exposed can be detrimental to an organization.
Make it very clear to employees that any suspicious activity should be reported immediately. Tell employees who to notify and what to do in this event. It has been shown that some of the largest breaches of data stem from an internal source. Sometimes these are mistakes made by employees that end up costing the organization a lot of money and data. Teach employees the basics on what is safe and what is suspect.
It is advised that quarterly meetings are held to inform employees on data threat prevention. This sets up a safe environment from employees to gain clarity and for supervisors to acknowledge what policies need to be beefed up.
Streamline control and access to only the employees that directly require it. Only give permission to information employees need. It is advised that a spreadsheet is kept that lists each employee and their permitted access to tools and apps. This will aid in monitoring who has control as well as what access needs to be blocked once an employee has left the institution.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: How to prevent data from leaving with a departing employee