The Human Element of Data Security

Protecting company data after employees leave

Network security is an important concern for small businesses in every industry. A lot of effort is put into protecting sensitive information from technological influences, and these technological measures are incredibly effective at doing their jobs. However, it is common for businesses to forget the ‘human’ side of information security and the specific issues that can arise from that. One of the best examples of this are the security risks that occur when an employee leaves your business. Whether the employee is leaving by choice or has been let go, steps need to be taken to ensure that sensitive information does not leave with them. Here are four suggestions about steps to take to protect your business’ data after an employee has left your company.

1.Collect Devices
            One of the easiest ways for information to ‘walk’ is through company-owned technological devices. Many workplaces offer laptops, cell phones, and other electronics to their employees to aid them in their work. As soon as an employee leaves your business, these devices need to be returned with no opportunity for the employee to copy over any of the business’ data. It is also important to consider whether or not data important to your company has been accessed or stored on your employee’s personal devices – this is an important consideration, and may require additional steps to ensure that the information remains protected.
2.Remove Access to Company Systems
            Many businesses use account-based access to sensitive information and many also offer remote-access log-ins to their employees, so that work can be done on devices other than those used consistently for work. The employee’s access to these accounts should immediately be revoked to ensure that no information is compromised after their employment has ended.
3.Change Passwords to External Websites (Including Social Media!)
            Another area of information security that is often overlooked are external websites that employees of your company have access to. In some industries this may include distribution and shipping websites, software websites that your company has an account with, or even your company’s social media accounts. If your employee has had access to any of these accounts during their employment, the password should be changed immediately to prevent them from accessing or modifying these resources once their employment has ended.
4.Monitor the Situation
            The best way to ensure that your information remains safe after an employee has left the company is to closely monitor the information flow of your company. This monitoring should be in place from the time each employee is hired, and its implementation should include directly informing your employees of the expectations surrounding data security. By monitoring company e-mail accounts, log-in information, and the creation of new accounts, you can be confident in the information that each employee has had access to and any indications that they may be planning to steal information from your company.
            Despite your best efforts, there is always a chance that a disgruntled employee truly dedicated to harming your company could take unexpected steps to steal sensitive information. For this reason, your best defense is truly a good offense. The best time to ensure limited access to sensitive information and increase security measures around this information is now – before any of these issues become a reality. It is a good idea to work with your IT professional to establish clear boundaries and permissions for each employee at your company, and to have an exit plan in place to deal with issues of information securely and efficiently. 

CW Portal