Whether it’s a ‘the door is always open’ farewell, or a ‘don’t let the door hit you” see ya, there are steps that must be taken to protect your company’s interests.
Departing employees have a bad habit of taking company property with them when they leave. Whether it is inadvertent, because they believe they are entitled to it (the subject of a future posting), or taken with malice aforethought, it happens.
Are you ok with that?
Is it ok for a sales person to take their ‘rolodex’ with them? Or a developer to take some code that they wrote with them? Is it ok for someone in management to take trade secret or other company confidential information? What use could they have for it that benefits you once they leave?
If you work for a company that is anything like ALL of the companies I have worked for, it is not ok. You likely ask employees to sign confidentiality agreements, non-disclosure agreements, or similarly title legal documents as a condition of employment. But do you take all the steps you need to take to insure they are honored when an employee is leaving the company?
Remind the departing employee as close to the time of their resignation (or, if necessary, at the time of their termination)’of their obligations to the company that survive separation. Give them copies of the documents they signed to review.
Have a standard checklist ready that walks you through the steps your company must take whenever an employee leaves. It should encompass things like the return of physical property, the termination of accesses, archiving of information, and in the case of departing privileged users, the changing of all shared account passwords, service accounts (commonly not done), test accounts, and logins (don’t forget network devices).
Communicate. If someone is leaving the company, make sure everyone who needs to know, knows. In advance. So they can do their part in bringing the employee lifecycle to a smooth, safe conclusion.
Review the departing employees online actions for 30-day period prior to notification of resignation or leading up to termination. Numerous studies demonstrate that it is during this 30-day period that data is taken. Think about all the different ways someone can take data off of your network. Are you able to examine all of them to insure you are safe?
Finally, be consistent. Treat every departing employee with respect, while you take the steps you need to take to protect the company. No exceptions.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.