When employees leave your company, by being fired or otherwise, are they taking files (paper and digital) with them, that should not be taken.
Redmond News writes about a Symantec study about employees who take company data that Sixty-four percent took old e-mails; 62 percent took history and hard copy files with them. Of least interest: PDF files (9 percent), Access files (8 percent), and source code (3 percent). Most employees take hard copy data (that is, paper documents); the next most popular media are CDs and DVDs (53 percent) and small USB drives (42 percent). Over a third (38 percent) sent the data as e-mail attachments to their personal accounts.
What can you do? The report mentions the following options:
- Ensure that policies and procedures clearly state former employees will no longer have access to sensitive and confidential information they used in their jobs. This includes information on laptops, other data-bearing devices and paper documents. The policy should outline what information is considered sensitive and proprietary.
- As part of the exit interview, the supervisor/business unit manager and/or someone from IT security should conduct a thorough review and audit of the employee’s paper and electronic documents. This includes checking electronic devices as well as paper documents.
- Prior to the employee leaving, companies should monitor the employee’s access to the network or system to make sure sensitive and confidential data is not being downloaded or send to the employee’s personal email account.
- Steps should be taken to ensure that the former employee is not able to access the company’s network or system once the relationship has been terminated.
- Extra precautions should be taken with former employees who have been asked to leave and/or are disgruntled. As our study reveals, employees who have unfavorable views of the employer are far more likely to steal data.
I would highly suggest that you also work closely with your local computer consultant, who specializes in security to look at your policies and systems to ensure you are doing everything you can to be as secure as possible.
One thing that’s important, that’s not even a security issue is to ensure you hire the right employees. Hiring employees that are as honest and ethical as possible, will go far into ensuring your company is as secure as possible.
Having clear policies in place and a “to do list” of tasks to take care of when employees leave can go far in mitigating any loss of data when employees leave.