So it didn’t work with your newest employee, in fact it didn’t work out would be an understatement…they left under quite a cloud!
A recent Symantec study states that “half of the employees who left or lost their jobs in the last 12 months kept confidential corporate data and 40 percent plan to use it in their new jobs.”
You’ve got the work laptop/computer back, but have they deleted things?
How do you know what they were doing and looking at before they left?
They used their own devices for work, do they still have their work material?
What to do when employees don’t leave on the best terms
The vast majority of staff finish employment and move on with no issues. But occasionally people leave in less harmonious circumstances, or they are just plain dishonest. We’d like to cover off on some of the basics to ensure that your risks are minimised for if, or when, this happens to you.
Importantly, it makes a big difference what systems you use and how you are set up, so keep that in mind. For the purposes of this simple article, we assume you are a small to medium kiwi business, with a fairly simple IT setup, using one of the lower-level Microsoft 365 licences for your email document storage and sharing.
Set up the employee properly when they join and have proper security
To get the best outcome when an employee leaves you need to start when they join the company.
Practice ‘need to know’ access to systems and data:
- People only get access to what they need for their job
- This includes ensuring your work, documents, emails, etc are protected by permissions appropriate to the user. If they don’t need access, they don’t get it!
Set up an off-boarding system
The obvious (we don’t want to tell you how to suck eggs with your HR, but people sometimes don’t do these things, or forget) things to do when the person leaves:
- You probably have an induction process when someone joins, but do you have an off-boarding process for when people leave?
- Ensure the off-boarding process is promptly followed.
- Ensure the off-boarding is responsive enough to handle an employee disappearing at no, or very little, notice.
- Promptly close off email and other systems access.
- Promptly close off remote access.
- Take back company owned devices.
- Ask specifically if there is any company data in their possession and if so, make a plan with them for retrieving it.
The not so obvious things
Of course IT being the mysterious being it is to most of us you might not consider the less obvious things to do:
- Don’t let people use personal devices for company work – give them the tools they need, and ensure those devices are properly set up by your IT.
- Setup your business so that ALL work data/information is only ever stored in company systems. Do not allow people to save work anywhere else. Make sure they have a company owned folder they can save drafts and working documents to, if this is needed.
- Have remote wipe enabled, meaning you can remotely wipe the data from any devices they have accessed. The next time they connect to the Internet, the data is wiped.
- Review activity logs; these are detailed, but can give you a picture of what the person was up to.
- If they delete emails or files, systems like 365 and Dropbox Business keep files for a ‘retention’ period and during this time you can restore them.
- Use a company password manager such as LastPass so that people actually don’t know their passwords, so if they leave you (or your IT support) remove their access and they can’t get into anything.
Use technology to protect your organisation
If you are on a lower level 365 licence, such as Exchange Online, Business Basic or Business Standard, then talk to your ITA partner about the benefits and costs of moving to a higher licence with more security features such as 365 Business Premium. For example, configure 365 to prevent bulk downloading of company data, etc.
Put in place protections now, so that you have them there before you have a problem. Once the person has left, it is often too late. In general, these suggestions are a good place to start with ensuring your business is protected.
If you need a hand with any of these steps get in touch with your local ITA member.