A Team Member is Leaving … Is Your Data Going with Them?

Leaving Team Member Stealing Data

Here are a couple of sobering statistics for you: larger organizations can expect to lose roughly one out of four employees in any given year. And of those who depart, voluntarily or otherwise, somewhere between 60 percent and 90 percent will take company data with them, depending on which research study you consult.

Some of this data loss is inadvertent, in the form of forgotten files on a personal device, for example. Some might have been created by the departing employee; a sales presentation, perhaps. But a significant portion is intentional, if not malicious: customer lists or intellectual property retained by the departing team member with the intent of using it on behalf of a competitor.

With the explosion in remote working as a result of the pandemic and the corresponding increase in the use of personal devices for company business, this particular onion has more layers than ever before. Let’s take a look at what an organization can do to insulate itself against data loss.

Keep them around. This is the simplest – but by no means the easiest – solution. If you can do a better job of retaining team members, the worry of your data leaving with them decreases proportionally. Do you have a large percentage of employees heading for the door, or a large percentage of new hires who don’t work out and are asked to leave? That points to issues with your company culture. It may be time to take an unbiased look at both your hiring practices and your work environment. An executive advisor can help with this.

Prepare now. The process of properly securing your company data begins long before the decision to let someone go. There are many considerations here, but it begins with a thorough and firm set of policies and procedures around device management, limited access to data, and encryption of sensitive information. All of this is likely to involve a combination of hardware and software solutions, one that’s tailored specifically to your organization’s needs and data structure. In an ideal situation there’s a single point of access to all systems, simplifying the process of turning off that access. In reality that’s rarely the case, though. Again, an executive advisor can be an invaluable resource in this process.

Understand the scope. Chances are strong that your organization does not have that utopian single point of access in place. Therefore you need an understanding of exactly which resources any given employee can access: not only company data, but online purchasing ability, analytics sites or email accounts. This process will vary widely depending on the position. An administrative assistant, for example, is likely to have a less complex profile here than a systems administrator or HR manager.

Be specific. For that reason, your preparation must include a position-by-position game plan for the sudden departure of an employee, either voluntary or involuntary. How quickly can you lock down data? Is that person using a personal device, and can the company data on it be wiped remotely? To what, specifically, does that person currently have access? Think beyond customer data and IP here … we’ve seen more than one company unable to access their social media accounts or website because those were set up by a now-departed team member. Just as you require two signatures on checks, a best practice here is to make sure that no single person has exclusive control over any component of your data or online profile.

Communicate. As noted above, some data loss is inadvertent. It’s vital to communicate to current employees your specific policies for how and where company data may be stored and used. This may not head off their taking your data with ill intent, but it will help reduce any misunderstandings. Rapid communication after the fact is also critical. In many organizations, some online resources are managed by the IT department and others by Human Resources. If one of those terminates an employee and the other doesn’t get the news until a week later, that’s a huge security exposure.

“Expect the best and plan for the worst,” goes the saying, and it’s custom-made for this situation. Make your very best effort to keep your team happy so they don’t leave, but be prepared if they do.


What's You're Risk? CTA