Protecting Your Company Network Part 2. An HR Checklist
This is Part 2. Part 1 “Offboarding Right” of these series is posted here
Think all this worrying about disgruntled employees might be a bit overblown? Perhaps you recall the Sony security breach from a few months back wherein a ton of company data got turned over to North Korean hackers. The company is still picking up the pieces from that one – and analysts believe it all started with a combination of outside threats and an internal employee breach.
As we noted in Part 1 of this series, employee computer monitoring is just one important part of your overall network security strategy.
To borrow an infamous turn of phrase from Donald Rumsfeld, there are “known knowns” when it comes to protecting your intellectual property. These are things we know that we know (eg. bad behavior noted through vigilant computer monitoring). There are known unknowns. That is to say, there are things that we know we don’t know (eg. an unknown number of employees we thought were happy, but who actually hold a grudge and want to hurt your company).
How do you protect your company against those unknown threats? Partly, through your security technology, but also through your company’s processes. Longtime IT management journalist Don Tennant offers some updated tips on how to do this in his recent article: Minimizing the Risk of Losing Intellectual Property When You Lose an Employee. Some highlights:
Be Up-Front About Your Expectations to Job Seekers. That’s right – even before they enter your front door, “a pre-employment interview agreement that spells out what prospective employees can and can’t use or disclose from their previous jobs” is essential. When this is a standard part of your onboarding process, it can also discourage unwanted behavior before or during the offboarding process, when they leave (and as Tennant notes with only a little exaggeration, everybody leaves eventually).
Use Nondisclosure Agreements. It is not uncommon now for companies to demand employees sign nondisclosure agreements before coming on board. This doesn’t just discourage your internal staff from sending your valuable data to a competitor in hopes of a better job opportunity; it also makes that outside firm very wary of accepting a poison pill from your disloyal staffer.
Take Security Seriously. Your employee monitoring solution is a tool – and if used properly, it will be harder for the “known unknown” threats to catch you. “Determine what trade secret information he regularly had access to, and whether there is any evidence of unauthorized access,” Tennant explains. “Investigate whether the employee has exhibited any unusual behavior such as excessive copying, downloading, emailing, or erasing of records. If permitted by company policy and law, make a copy of the employee’s hard drive.”
The exit interview can also clue you into any lingering threats you hadn’t picked up on before. You may have assumed previously that the employee had no ill will towards you because they were hiding their true, hostile feelings (born of some imagined or misinterpreted slight against them). At the exit interview, on the verge of leaving your office an employee intending to do harm may feel confident enough to hint at the damage they could do (or do more than hint). We’ve found from anecdotal evidence that even if the employee has been very careful to cover their tracks previously, they might not be able to resist finally showing their true colors.