September 06, 2018

What HR Professionals Should Know When An Employee Leaves

When it comes to the risk of a data breach, a lot of employers today worry about cyber attacks. But in the workplace, there’s actually a bigger threat – and that’s the employees, more specifically, terminated employees.

According to research, when an employee leaves a job, there is a 69% chance that they will take confidential data with them.

Whether by accident or due to malicious intent, documents can be physically removed, saved on a mobile device or to Cloud storage for later access, or deleted entirely.

In any workplace, there is a lot of confidential data. This data includes customer and contact data bases, financial data and price lists, intellectual property, marketing materials, company directories, and more. Loss or theft can damage an organization and result in data breaches and non-compliance issues and penalties.
But many workplaces are ill-prepared for keeping data safe.

A 2017 study from identity management company OneLogin, showed that over 50% of ex-employees still had access to corporate applications. Failure to remove employee security access had caused a data breach at 20% of the companies in the survey.  

According to the 2017 Osterman paper, Protecting Corporate Data When Employees Leave Your Company, 67% of organizations surveyed couldn’t be sure that they could detect whether an employee who left was still accessing corporate resources.

Here’s how to ensure confidential data is protected throughout a person’s employment term.

Hiring process
  • Good on-boarding includes background checks and screening for the right behaviors and intentions, as recommended by Forbes.
  • New employees should be made aware of the importance of data security in the workplace.
  • Use employee contracts and agreements to explain how all sensitive data is managed and returned.  
  • Ask all employees to sign an acknowledgement that they understand the policies and their responsibilities.
During employment
  • Provide employees with clear policies relating to confidential information and data protection and usage including penalties for non-compliance.
  • Control employee access to confidential data by need to know.
  • Encrypt data in transit, in use, and at rest.
  • Provide on-going training so employees stay up-to-date on legal and ethical obligations around compliance, data usage and ownership.
  • Create a culture of security in the workplace. There should be a comprehensive document management process, on-going reminders about security, and embedded security-driven processes such as data destruction services.
On termination
  • HR should follow a standard exit process when an employee leaves whether they have quit or are being terminated. It should include a review of non-disclosure agreements, removal of data, and a list of who to notify to remove accesses. Access to data sources, devices, accounts, etc., should be systematically disabled.
  • During the transition, it is important to collect certain records, organize them based on privacy laws and retention requirements, securely destroy documents that are no longer needed, and understand on-going legal requirements around confidential information.  
  • Shred-it has created a Secure Exit Kit to help both parties understand these obligations and security requirements.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.