In the modern world of near-constant high-profile cyberattacks, most companies are worried about external hackers breaking into their systems and stealing their data. While these hackers do certainly present a threat, an even bigger one is lurking right under your nose: Your own employees.
One study found that one-third of U.S. and U.K. office workers still have access to their former company’s data and systems after leaving their jobs. While much of this data exposure is innocuous and accidental, some malicious individuals may use their access to wreak havoc upon their ex-employer. As an HR professional, you can keep your company protected from departing employees with these seven tips from Forbes Human Resources Council.
1. Start With Good Onboarding When They’re Hired
Do background checks and screen for the right behaviors and intentions. Once hired, use an identity management system to record and pattern the employee’s access by role, so you can quickly and easily turn off all privileges after offboarding. If it’s an employee with elevated access, notify your security team in advance to closely monitor their account until all access is turned off. – Stacey Browning, Paycor
2. Create Clear Company Policies And Offer Compliance Training
Every new hire’s employment contract should include specific language regarding the treatment of confidential data while working for and upon leaving the company. Regular compliance training for all employees should include updates on handling sensitive information. Finally, HR should work closely with IT on the procedure for backing up all company-issued devices, as well as wiping them clean. – John Feldmann, Insperity
3. Create A Culture Of Security
Develop a robust cybersecurity program with your IT department. This allows you to map acceptable behavior, access and data use against employee types. When behavior is detected that doesn’t fit with the employee profile (e.g. accessing certain files) you’ll be alerted. With basic cyber hygiene, automatic HR workflows can make sure email and online accounts are disabled upon employee departure. – Chatelle Lynch, mcafee.com
4. Proactively Manage Employee Access Points With An Offboarding Checklist
HR should partner with IT in determining employee data accesses. As part of off-boarding, the exit checklist should include a review of non-disclosure agreements, removal of data and a termination distribution list of who to notify to remove logins and accesses. – Bridgette Wilder, Wilder HR Management & EEO Consulting
5. Ensure Remote Access To All Employee Devices
Implement an IT and HRIS system that allows remote access at all times. Upon an employment termination or security breach, IT and HR can log in to secure the data or remove access ASAP. This brings prompt attention to the matter, regardless of where you are located. – Tiffany Servatius, Scott’s Marketplace
6. Provide A Great Day-To-Day Employee Experience While They’re With You
Hire the best people. Manage conflict promptly, thoroughly and with care. Foster strong personal relationships. Make sure leaders are connecting with their team members as well as leading and managing well. Have a thoughtful exit interview. If all that goes pretty well, you likely won’t have to rely on the best practice security policies, agreement and practices (which you should have anyway). – Catherine Decker, Outsell
7. Be An Organized, Communicative Conductor
When an employee departs, HR’s role is to conduct the efforts of the manager, IT and whomever else may need to be involved. Communication is the key. What impact will this employee’s departure have on stakeholders, processes and systems? What needs to be prepared in advance? What has to happen post-departure? How will it come together to protect the organization’s, employee’s and customer’s data? – Pamela Potts, neosystemscorp.com