What to do when a staff member leaves

Written by Ian Armstrong

10th February 2020

Staff turnover is one of the leading causes of data loss, so make sure you have a plan of action in place.

As any business owner knows, data loss is a very real issue within the modern business landscape. The idea of a data breach can instantly send shivers down most employers’ spines, especially since the arrival of stricter GDPR guidelines back in 2018.

When we think of data breaches, we tend to imagine mysterious hackers working from a dark room as they hatch their evil schemes.

But in fact, more often than not, the reason for data loss is much simpler and much closer to home.

Research from Info Security Group reveals 34% of data breaches were caused by insiders in 2018, compared to 28% in 2017. Employers often underestimate the risks of employees — whether wittingly or unwittingly — taking sensitive data with them when they leave the company.

And considering that the UK average turnover rate is around 15% per year, according to Monster, knowing how best to protect your company data when a team member leaves is vital for effective business security.

 

8 ways to protect against data loss

Remove access to the employee’s mailbox

Many companies don’t block access to a departing employee’s emails until hours or even days after they have left the business. Obviously, an employee will require access to their emails while working their notice period, but you can still take steps to begin reducing access so that, the moment they leave, their mailbox is made unavailable to them.

You can also monitor their actions during this time. Look out for suspicious actions like forwarding large quantities of emails from their work mailbox to a personal one, or printing a large number of files.

Change passwords

This is one of the simplest but most effective ways to reduce the risk of data leaving the business with an employee. Change the passwords used to access the employee’s mailbox and other platforms, such as files stored in the cloud or on a specific device.

As well as changing the passwords used by that particular employee, you can also go one step further and announce that passwords should be changed across your business. That way, any login information your former employee surreptitiously picked up during their time of employment is no longer accurate.

Disable access to multiple applications

A single sign-on system, such as one built on Active Directory, is a useful tool for employees, as it allows them to access all the documentation and resources they need to complete their daily tasks with one sign-in.

However, it can also be useful for you in the wake of a departing employee. Single sign-on allows you to deactivate a former team member in one fell swoop, cutting access to all applications and other resources immediately.

Limit data to individual departments if possible

If you’re part of a larger business it is likely that staff turnover will be higher and the possibility of lost data is higher – even if solid processes and procedures for departing staff are in place. However, by tailoring permissions and access to files and networks by team or department it is often easier to reduce the opportunities for data to be distributed too widely.

For example, your Human Resources team has little need for comprehensive marketing information. Putting these restrictions in place lowers the stakes when a team member does leave the business.

Regularly revisit your list of access points

While most responsible organisations with a mature approach to information security have a list of access points that past employees could take advantage of, it’s important to revisit this list on a regular basis.

This will include resources like your official website and social media channels like Facebook and Twitter, as well as less obvious tools. Your employee may have used a separate Google Analytics account to report on web statistics, or an external graphic design tool. For this reason, when an employee leaves, it is crucial that access is transferred to other team members and passwords are changed as a matter of course.

Disable and wipe devices

Any device which is given to the employee when they start at your company, whether it’s a mobile, laptop or tablet, is technically owned by you and your business, meaning you have every right to retrieve the device when the employee leaves and wipe it clean.

With the rise in BYOD (Bring Your Own Device) culture, things get more complicated. You can’t simply take a device when an employee leaves if that device belongs to them, and you also can’t search it without consent due to the possibility of coming across private, sensitive or financial information.

Implementing a Mobile Device Management strategy for employee-owned devices now is key. This should allow you to access and wipe only company data but not personal data.

Monitor all applications for a period after the employee has left

Chances are you trust your employees implicitly and wouldn’t dream of suspecting any one of them of taking data from your business. However, it’s important to remember that data breaches can just as easily occur accidentally. Taking the necessary steps to protect your business is the smart decision.

This should involve monitoring the various platforms your employee had access to for a designated length of time after they’ve left the company. How long this period should last is at your discretion — a week, two weeks, a month or even longer.

Remember that employees leaving of their own volition will work a notice period and will therefore have access to company data while also knowing that they are leaving, so it’s important that your monitoring stretches across this notice period too.
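The monitoring described here and under "Remove access to the employee’s mailbox" can be automated against your audit logs. The sketch below is an added example, not SRM tooling: the event format, the company domain, the forwarding threshold and the 30-day window are all assumptions, and the records are constructed sample data.

```python
from collections import Counter
from datetime import date, timedelta

COMPANY_DOMAIN = "example.co.uk"  # assumed company mail domain
FORWARD_THRESHOLD = 20            # assumed: external forwards per day worth a look
MONITOR_DAYS = 30                 # assumed post-departure monitoring window

# Constructed HR records: user -> (notice given, last working day)
LEAVERS = {"jsmith": (date(2020, 1, 13), date(2020, 2, 7))}

# Constructed audit events: (day, user, action, detail)
EVENTS = (
    [(date(2020, 1, 20), "jsmith", "forward", "j.smith@personal.example")] * 25
    + [(date(2020, 1, 21), "jsmith", "forward", "supplier@partner.example")] * 3
    + [(date(2020, 1, 22), "jsmith", "forward", "boss@example.co.uk")] * 40
    + [(date(2020, 2, 10), "jsmith", "login", "crm"),
       (date(2020, 2, 10), "akhan", "login", "crm")]
)

def review(events, leavers):
    """Return sorted findings for leavers' notice-period and post-exit activity."""
    external_forwards = Counter()
    findings = set()
    for day, user, action, detail in events:
        if user not in leavers:
            continue
        notice, last_day = leavers[user]
        if last_day < day <= last_day + timedelta(days=MONITOR_DAYS):
            # Any activity after the last day means access was not removed.
            findings.add((day, user, f"post-departure {action}: {detail}"))
        elif notice <= day <= last_day and action == "forward":
            # Only forwards leaving the company domain count towards the threshold.
            domain = detail.rsplit("@", 1)[-1].lower()
            if domain != COMPANY_DOMAIN:
                external_forwards[(day, user)] += 1
    for (day, user), count in external_forwards.items():
        if count >= FORWARD_THRESHOLD:
            findings.add((day, user, f"{count} external forwards in one day"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(EVENTS, LEAVERS):
        print(*finding)
```

A post-departure finding is the more urgent of the two, because it shows that an account or credential was still usable after the last working day.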

Managing administrator access

While it will sometimes be necessary to provide senior or specific members of staff “Administrator” permissions to software and digital platforms, reducing access levels immediately after an employee hands in their notice may be prudent. In some cases, an employer may even wish to consider gardening leave as an option.

While you may hope that a senior team member would be unlikely to compromise data security – either intentionally or accidentally – it’s important to remember that the greater an individual’s access levels, the greater the associated risk. A risk-based business decision needs to be made, documented and given appropriate C-level authorisation. If an individual stays for their notice period, apply the monitoring described earlier.

 

What to do if an employee is suspected of foul play

Things get more serious when an employee is leaving on bad terms, not least because this significantly increases the chances of them betraying the security of your business once they’ve left.

Employees who you suspect of foul play – namely deleting files, stealing data and sharing information with outsiders – will require you to pursue legal action. Under employment law an individual should typically be suspended pending an investigation. Then the issue of their access to the business infrastructure should be addressed appropriately.

Firstly, you should turn off the suspect’s computer. Activities from this system could potentially be traced, but continuing to use the PC can reduce the chances of uncovering vital evidence.

Next, you should hire a third party to carry out digital forensics on your device. This will help to highlight any potential threats to your security, authenticating the evidence and avoiding unauthorised access to company data in the process.

 

Be proactive, not reactive: put good data protection in place

The best way to protect your business against data loss is to put the right policies, processes and procedures in place from the outset. Don’t wait for an incident to occur before building your defences – take matters into your hands now so you can avoid costs to your time, finances and reputation down the line.

Use strong passwords; manage devices thoroughly; encrypt data; stay up to date; limit employee access; create a robust Information Security Policy and Procedures document set and educate all members of staff. These are just some of the things you can do to take action now and ensure your business is as secure as possible.

Improving your data security now is the best way to protect your business from data loss down the line. SRM can help you make those changes, offering a range of services designed to identify and remedy weak spots in your business’s digital security. Get in touch with our team of experts today, or call us on 03450 21 21 51, and find out more about how we can help you.