Data Loss Prevention During Staff Turnover

Staff turnover is an inevitability for most businesses. In fact, average turnover in the UK is currently the highest it’s been since 2009, at over 16%[1]. This isn’t necessarily a bad thing. Some industries have a higher turnover than others, and for many businesses, it’s a key indicator of growth and development.  It can also be a sign of employee and business confidence which is generally a good thing for the economy at large. However, when not probably managed, staff turnover can bring with it its own set of problems. Chief among these is loss of data, which can lead to breaches in security and prove extremely damaging to any kind of organisation.

Data loss during high periods of staff turnover is becoming an increasingly complex problem, but why? For starters, technology is making agile working far more common – employees are more likely to be accessing data off-site, working from home and passing files around. What’s more, a recent study found that over 50% of staff who had lost their jobs kept corporate data and 40% planned to use that data in their new ventures. Whether you’re laying off staff, offering redundancies or staff are leaving of their own accord, businesses need to be vigilant. Even if there’s no malicious intent on the employee’s part, they can still unwittingly expose sensitive data without even realising it.  So what can you do as part of your overall security strategy to minimise the risk of data loss?

Make sure all electronic equipment is returned

From smartphones to tablets, laptops to pendrives, there are more ways than ever before to transfer and store data.  It’s essential that all company equipment is tracked against employee records and returned when they leave the business. Ideally, this should be carried out before their final day to make sure that nothing gets missed. If your staff make any back-ups of company data outside of the business, these should be deleted or returned along with the equipment (most businesses write this into their employee contracts).

Use exit interviews or debriefs to your advantage

Many businesses don’t do exit interviews as part of their turnover process but they really should. Taking half an hour with an employee before they leave the business is an excellent way to ensure they leave on good terms, but it’s also a great way to remind employees about any confidentiality agreements they may have signed. You can also use this as an opportunity to ask them specifically if they have any data in their possession – on company equipment or otherwise – that may need to be returned.

Get the right technologies in place and use them

Getting the right security systems in place will make everyone’s life easier.  Archiving content will make it tamper-proof and also make tracking access a lot easier. For IT managers and those responsible for data security, having this technology in place will also allow them to quickly identify missing data sets and recover them. It’s not always an employee’s fault when data walks out of the door with them – part of the responsibility lies with the business itself and having the tools in place to correctly manage employee transitions.

Limit access to data and designate permissions

This may seem like a no-brainer but countless UK businesses have no process in place for managing data access. This essentially means that any employee can access any piece of content, no matter how sensitive or valuable it is. Placing restrictions – even if it’s just a tiered access system – will immediately make your data more secure without compromising on productivity.

 Cancel access to personal files and close employee accounts

Again, this is something that may seem obvious but many businesses forget. It’s essential that all employee email accounts and log-in credentials are cancelled when they leave the business. All access points to data and software should be cut off the moment the individual has left the business – if they can still log-in and access emails, attachments and other sensitive information it could put your business at risk.

 Monitor employees and don’t be afraid to be direct about it

Once an employee has handed in their resignation letter or they’ve been made aware of their incoming redundancy, you should make additional effort to monitor and track their activity. There’s no need for this to be clandestine or awkward – simply make it part of the process for every departing employee and be upfront with them about it. If they know they’re being monitored they’re less likely to do something malicious or forget about that pen drive in their desk drawer at home. Be watchful and outgoing employees will be more thorough as a result.

[1] https://www.eef.org.uk/about-eef/media-news-and-insights/blogs/2016/may/back-to-business-as-usual-labour-turnover-on-the-rise

Need IT support?
Get in touch with Cheeky Munkey