Protecting Your Company Network Part 1. Offboarding Right
You’ve done all the right things to protect your network from both insider threats and outside hackers. Employee computer monitoring is just one of the tools you’ve used to keep your intellectual property (IP) safe, along with antivirus software, a properly set-up firewall and other bits and pieces put together by your IT team. But one area where companies seem to still be vulnerable is with leaving openings to former (and potentially disgruntled) employees.
Offboarding employees’ computer access has to be done right, and fast, or there will be consequences. However, new security research shows that a “third of UK IT decision makers (32%) believe it would be ‘easy’ for a former employee to log in and access systems or information with old passwords”. While that’s a devastating indictment of their processes, North American firms have no reason to feel smug; Enterprise Apps Tech trends reporter noted recently that up to 90 percent of former employees in a recent study still would have access to their firms’ vital applications like Salesforce and Facebook. Even worse, nearly 70 percent of those employees were storing important company data on personal cloud accounts – which would make it virtually impossible to prevent a leak during or after an employee’s tenure, if that worker were so inclined.
Employee monitoring can at least help firms to pinpoint bad behavior such as throwing company data into their own Google Drive account, or into some other app that your firm might discourage using. You can see if they’re obnoxiously emailing your competitors their resumes and cover letters from the comfort of the desktop PC you’ve provided them to do their work. Vigilant monitoring and proactive intervention will at least help reduce the chance that someone with bad habits carries them on after they’ve left your company. Still, you need to do offboarding right to mitigate your company’s risk.
HR.com provides some common-sense advice on how to do that:
- Make sure your offboarding process is clearly defined and understood by your managers as well as employees. Create a checklist of all your data security areas, including network passwords, email and more
- Record your employees’ access logins and ensure they’re closed off.
- Define who is responsible for removing an employee’s access – and make sure they’re accountable. Whether it’s a specific person, department or even several individuals; accountability and clarity is essential.
Not every employee you let go is going to cause you headaches, but follow the rules above and be proactive about protecting your company and IP. Employee computer monitoring is one part of your complete solution – in the next part, we’ll look at policies you can create to cover yourself.