Turnover of staff is a natural part of any business, however companies face the challenge of securing and protecting their data in an environment where many employees use personal devices in the workplace.
There are a number of actions you can take to prevent an employee from accessing or distributing company data after they exit the business. Here’s our top 5:
Ensure every employee’s contract includes terms relating to the use, and misuse, of company data. This needs to protect confidential information, intellectual property created by the employee during their period of employment and data storage devices.
Having a formal process to follow when an employee leaves your business will help to minimise the chance anything is overlooked. Making one person in the organisation responsible for managing the exit process will also help.
Changing passwords to email accounts, social media accounts and any other sites (such as industry-related subscriptions etc), should be changed immediately after the employee has ceased work. Avoiding generic passwords (i.e. Password 1234) will reduce the likelihood of the employee being able to guess the password for any accounts after they have ceased employment.
This includes laptops, mobile devices, USB storage devices, hard drives and another other property that may enable access to company data. By keeping an accurate asset register for all employees, identifying the property devices that need to be returned will be made easier.
In addition to discussing the reasons for leaving and ideas for improvement, the exit interview is an opportune time to remind the employee of their obligations regarding confidential information. Asking the employee to sign a non-disclosure agreement (if it was overlooked in the initial contract) is also recommended.