OUR THOUGHTS ON:

Data Security Best Practices: Dealing with Employee Departures

Technology

By Eric Wright

Is the economy forcing you to trim your staff? 


How sure are you that sensitive data is not walking out the door with your ex-employees? 


In a recent survey conducted by Cyber-Ark Software, 56% of financial service workers in New York, London and Amsterdam admitted to being worried about losing their jobs. In preparing for a layoff, 58% of the surveyed had admitted to already downloading competitive corporate information to use in their next job. Of the workers surveyed, 71% said they would definitely take data with them if they were confronted with the prospects of a layoff. The fact that the majority of this data is stored electronically makes it easier to compile, store on a portable device and take it out the door without being noticed or leaving an audit trail. In many cases, the perpetrator can download the information from home, using a remote connection without leaving a trace of activity.

Regardless of the economic conditions, we recommend that you implement the following procedures to help secure your data when an employee exits. When people are desperate, they are capable of doing things they would not normally do.

  • Document and periodically review each worker’s access to the network, physical facilities, applications and servers.
  • Disable remote connections, including pcAnywhere connections.
  • Disable accounts or change the passwords of the terminated employee.
  • Periodically review active users on the system and make sure each user can be accounted for. If an account cannot be identified, it should be disabled immediately.
  • Make sure your security polices and procedures are in place before any layoffs
  • Change any physical locks or combinations.
  • Collect ID cards.
  • Collect any handheld devices, cell phones, laptops and PCs with other company property.
  • If the employee worked in IT, make sure the passwords to system accounts are changed.
  • Contact vendors and customers to make them aware of the changes in your organization. 

Subscribe to our e-mail newsletters.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

comments