Is the economy forcing you to trim your staff?
How sure are you that sensitive data is not walking out the door with your ex-employees?
In a recent survey conducted by Cyber-Ark Software, 56% of financial service workers in New York, London and Amsterdam admitted to being worried about losing their jobs. In preparing for a layoff, 58% of the surveyed had admitted to already downloading competitive corporate information to use in their next job. Of the workers surveyed, 71% said they would definitely take data with them if they were confronted with the prospects of a layoff. The fact that the majority of this data is stored electronically makes it easier to compile, store on a portable device and take it out the door without being noticed or leaving an audit trail. In many cases, the perpetrator can download the information from home, using a remote connection without leaving a trace of activity.
Regardless of the economic conditions, we recommend that you implement the following procedures to help secure your data when an employee exits. When people are desperate, they are capable of doing things they would not normally do.
- Document and periodically review each worker’s access to the network, physical facilities, applications and servers.
- Disable remote connections, including pcAnywhere connections.
- Disable accounts or change the passwords of the terminated employee.
- Periodically review active users on the system and make sure each user can be accounted for. If an account cannot be identified, it should be disabled immediately.
- Make sure your security polices and procedures are in place before any layoffs
- Change any physical locks or combinations.
- Collect ID cards.
- Collect any handheld devices, cell phones, laptops and PCs with other company property.
- If the employee worked in IT, make sure the passwords to system accounts are changed.
- Contact vendors and customers to make them aware of the changes in your organization.