Blog

Best Practices for Securing Business Devices When Someone Leaves Your Company

Best Practices for Securing Business Devices When Someone Leaves Your Company

02/18/2019

Employee Retention is at An All-Time Low

 
According to Work Institutes 2018 Employee Retention report, employers paid a whopping $600 billion in turnover costs in 2018! Maybe that's because according to their findings, 1 in 4 employees left their current job for a new one in 2018.

This is due in part to a healthy job market and the creation of new jobs by the advancement of technology.

Leaving Employees put company data at risk

Exiting Employees Can Put Company Data at Risk

The high cost of employee turnover isn't the only thing making employers worry about their staffing situation. Serious vulnerabilities to company data can be created when an employee goes out the door for the last time.

Asking a departing employee to leave their company phone and laptop behind is not enough to ensure office financial documents and other sensitive data remains secure.

It also shouldn't be the responsibility of your HR department to protect company data when an employee leaves due to corporate downsizing, performance reasons, another job offer, or any of the other many reasons a job turns over.

Just because a split is amicable doesn't make it a security risk. The responsibility of mitigating that risk falls on the company's IT department or managed service provider.

In the best case scenario, an employee gives two-weeks notice, IT support is notified immediately, and the technical offboarding plan is executed. However, as any business owner will confess, employee departures can be sudden and far from seamless.

If your company doesn't have tools and a device offboarding plan in place for, you may find yourself operating in crisis mode - scrambling to remove access to internal accounts and attempting to find out what company data has already been compromised, or worse, still resides on a former employee's personal device.

Response Time is Key to Mitigating the Risks of a Breach

Surprisingly, many companies still keep old employee email active (without even changing the password) for weeks after an employee has left. Depending on the former employee's position, it may not be good business to delete their email account right away. A better practice is to immediately forward an old employee's emails to their supervisor and update the password to something the former employee would never know. If you don't need to retain the old email, go ahead and delete the account completely.

Use the Convenience of the Cloud to Keep Company Data Safe

 

onedrive-media

 

Having all the files and folders that an employee worked on stored or at least backed up in a cloud environment will ensure that even employees who bring their own devices to work don't take the only copy of a work document with them when they go. Make saving work to the cloud a company policy and pictures, files, and projects should always be recoverable.

Using a platform like Office 365 that easily gives you the ability to change rights and permissions to company apps and files makes offboarding someone much quicker and easier.

It's a good idea to think about what data access rights each role should have in your company. For example - does sales need access to all customer data or just sales data? build a data governance strategy so that you dont risk exposing too much data to users who don't really need it.

Install Mobile Device Management

 

office-365-mdm

 

MDM is technology that has the ability to access, control, and even wipe data off of a device that an employee has been using.

The advantage of MDM tools like InTune is that they only wipe company data - even from a person's personal devices, so asking an employee to grant you permission to put it on their device is not an invasion of their privacy. If the device was purchased by the company, privacy is not an issue because everything on that device is the property of the company.

Prepare for the Unexpected

In today's world of big data, being proactive, rather than reactive when it comes to how employees use company data is important. For example, all employee data use should be monitored in some way, not just when someone is termed or informs their supervisor they are going to be leaving a job.

The best way to protect your company data during inevitable employee turnover is to require everyone in the company to use a modern desktop solution like Microsoft 365 and to partner with an experienced managed services provider who can correctly set up tools like MDM to take the guesswork out of securing work devices.

 Need help with end point security, or getting to the cloud? 

Yes! I Want to Schedule A Call

 

   
Ultimate Guide to Small Business Cyber Security