In the rush to protect businesses from cyber attacks, most companies overlook one very big threat. It’s a threat that is lurking right under your nose: employees who have just left your company misusing your company data. Have you ever considered that they might be stealing your company’s confidential data if they still have access to your systems?
Osterman Research released the following information regarding protecting the organization’s data as employees leave:
- 67% of organizations aren’t sure they could detect whether an employee who left was still accessing the company’s resources.
- 76% had no way of knowing when third parties like contractors stopped working on the company’s data and systems.
- 53% don’t have well-established processes and systems for monitoring access to data sources and applications that people used when they were actually on the job.
Another study says that one-third of office workers in the USA and the UK still have access to their company’s systems even though they have left their jobs. Much of this data exposure is accidental, but you never know when an ex-employee might release malicious content or use their access to wreak havoc on your business, which is very likely when an employee is fired or laid off. This problem is serious, and if it goes unnoticed, it can leave your trade secrets in the hands of your competitors.
It’s time to change your priorities and follow the 5 strategies below for protecting your company’s data:
- Start with a good on-boarding as new employees are hired
First things first, you must check the intentions and behavior of the potential candidate by running a background check. Once that is clear, you can move further. Use an identity management system to record and model employee access by role. This will help you turn off all their privileges when they leave. Whenever an employee’s access is elevated, always notify your security team in advance and closely monitor the account until the elevated access is turned off.
- Develop transparent company policies on treating confidential data
The employment contract must include a clause stating the rules for handling the company’s confidential data while working for the company and upon leaving. All employees should be provided with compliance training on handling sensitive information. The IT department should develop a procedure for backing up company-issued devices and wiping them clean as and when necessary.
- Create a cybersecurity culture
Work with your company’s IT department to develop a robust cybersecurity program. This program must allow you to map acceptable behavior, access and data usage against employee types. Whenever behavior is detected that doesn’t fit the employee’s profile, for instance an employee accessing a file he isn’t supposed to, you will get an immediate notification. When such cyber hygiene is developed within the company, the HR workflow will automatically make sure emails and online accounts are disabled as soon as an employee leaves.
- Deprovision the resources automatically when someone leaves
This doesn’t just apply when someone leaves. Deprovisioning is also pertinent as a result of a change in rules. It immediately puts an end to a person’s access to any sensitive information. If all the assets are managed via a single identity and access management platform, deprovisioning becomes easier, especially if employee turnover is high.
- Be organized and communicate proactively
Whenever an employee departs, it is the responsibility of HR to coordinate the efforts of the manager, the IT department and anyone else involved. It is important to ask what the impact on the stakeholders and on the company’s processes and systems will be when an employee leaves. Arrangements should be made in advance. The organization itself must be clear on how it’s going to protect the data of its employees and customers along with that of the company.
Do not just prioritize protecting your data from external hacks; have a line of defense prepared for internal attacks, too. By creating confidentiality agreements and terminating employee access to digital information upon departure, you can reduce the risk of a breach to a great extent. This doesn’t just help an organization keep its confidential information safe, but also reduces the chances of dramatic employee exits.
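
The detection gap in the Osterman figures and the deprovisioning strategy above both come down to reconciling HR's departure list against the accounts and logins that actually exist. The following Python is an added example, not part of the original article; the user names, systems, record layouts and log format are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data (hypothetical users, systems and log format).
HR_DEPARTURES = {  # user -> departure time recorded by HR
    "asmith": datetime(2024, 3, 1, 17, 0, tzinfo=timezone.utc),
    "bjones": datetime(2024, 3, 8, 17, 0, tzinfo=timezone.utc),
}
ACCOUNTS = [  # (user, system, enabled), exported per application
    ("asmith", "vpn", False),
    ("asmith", "crm", True),   # missed during offboarding
    ("bjones", "vpn", False),
    ("cdoe", "crm", True),     # current employee, not in HR_DEPARTURES
]
AUTH_LOG = """\
2024-02-28T09:12:00+00:00 asmith crm login_success
2024-03-04T22:41:00+00:00 asmith crm login_success
2024-03-09T08:00:00+00:00 bjones vpn login_failure
2024-03-09T08:05:00+00:00 cdoe crm login_success
"""

def orphaned_accounts(departures, accounts):
    """Accounts still enabled for users HR has recorded as departed."""
    return sorted((u, s) for u, s, enabled in accounts
                  if enabled and u in departures)

def post_departure_activity(departures, log_text):
    """Auth events (success or failure) stamped after the user's departure."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        ts, user, system, event = parts
        left = departures.get(user)
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        if left is not None and when > left:
            hits.append((user, system, event, ts))
    return hits

if __name__ == "__main__":
    for user, system in orphaned_accounts(HR_DEPARTURES, ACCOUNTS):
        print(f"STILL ENABLED: {user} on {system}")
    for user, system, event, ts in post_departure_activity(HR_DEPARTURES, AUTH_LOG):
        print(f"POST-DEPARTURE: {ts} {user} {system} {event}")
```

Failed logins are reported as well as successful ones, since an attempt against a disabled account after departure is itself worth a look.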