Best Practices for Protecting Your Data When Employees Leave the Company

Posted by Bob Spurzem • January 10, 2017

When employees leave a company, whether voluntarily or involuntarily, it is quite common for them to take sensitive and confidential data with them.  How widespread is the problems and what can IT Managers do to protect sensitive data?  To answer these important questions (and more) Osterman Research surveyed 187 IT/HR decision makers in organizations of various sizes primarily in North America. 

Here are some of the important takeaways:

  • Employee turnover is a fact of life: the typical organization in the United States, for example, can expect that 24 percent of its employees will leave each year, although some companies in the Fortune 500 experience much higher turnover.
  • Employees who leave their employers, regardless of the reason for their departure, often take with them sensitive and confidential information, such as intellectual property or trade secrets, that belongs solely to their employer.
  • The theft of this information can damage a company in a variety of ways, including putting them at risk of a regulatory violation, forcing them to take legal action against former employees, harming their competitive position, and negatively impacting their revenue.
  • To reduce the risk of employees taking information with them when they leave, employers should establish detailed and thorough policies and procedures focused on ensuring visibility into employee practices, limiting employee access to data, requiring encryption of sensitive data, managing devices properly, ensuring that data is backed up and archived properly, requiring the use of enterprise apps (since these apps and any associated offline content can be remotely wiped, even on personally managed devices), and ensuring that IT has access to all corporate data to which it should have access (some confidential data, such as HR data, should not be available to IT in all cases.)
  • To support these policies and procedures, organizations should evaluate and deploy various technology solutions. Technologies that should be considered, but not all of which need to be deployed, include content archiving, backup and recovery, file sharing and collaboration, encryption, mobile device management, employee activity monitoring, data loss prevention, logging and reporting, virtual desktops and other solutions that will minimize the possibility of employees misappropriating corporate data upon their departure.

Here are some of the important survey results:

  • Respondents to the survey report the occurrence of problems related to employee turnover and terminations.

Blog01102017_1.jpg

  • Respondent to the survey report what steps they take to protect sensitive data related to employee turnover and terminations.

Blog01102017_2.jpg

  • Respondents to the survey report how they process laptops when employees depart the company or are terminated.

Blog01102017_3.jpg

The results are published in a December 2016 report.  To read the complete survey results we invite you to download the entire report.  Here you will find some new ideas and suggestions you can use in your organization to protect sensitive data when employees depart the company or are terminated.

Download paper here