I think we’ve all read enough stories about departed employees using access they should not have, or walking out the door with data and/or equipment in the news to know that organizations should probably do some of the things in the article below, right? Can’t we agree that this is true?
“Organizations must have a strategy for mitigating the risks of insider data theft. The strategy should include a well-documented employee offboarding process to ensure that non-public data remains in the possession of the company.
The danger also doesn’t end once the employee leaves the premises. Gaps in the employee offboarding process can leave a disgruntled ex-employee with ongoing access to company resources. In fact, an Osterman Research study found that 89 percent of employees could still access sensitive corporate applications well after their departure.”
Now, I’ve left a few jobs over the years, including some that were remote, which I think is a new challenge for a lot of places right now. Most of the time, the departing employee is not exactly top of mind for the organization. You’ve got work to do, and they are no longer part of the plan. I get that, but somebody probably wants to at least pay attention to what the employee is doing on the way out.
I have not yet given notice and been asked to immediately leave, though I can understand why some companies would do that. I have left places and noticed that my phone was still connected to my former email account for a few days after my last day, which probably isn’t great. I’ve also left a remote job when I lived on the West Coast, and the IT department was on the East Coast and been told that my access would stop at 2PM, so I should get in my final emails and data handoffs early that day. (And it did, in fact, go dead just before 2:00PM)
But, it’s not just access. the real challenge when quitting a remote job is the equipment. Who is making sure the employee sends everything back, and doesn’t make a copy of private data they have access to? That’s a lot harder. Again, in my experience, I sent the laptop and everything back as soon as possible, and there was a clear indication of what they were expecting me to send, but I don’t know if anyone would have continued to track it if weeks passed without me sending it in. I hope so.
On the other hand, I recently found a thumb drive in my office that had internal training data from years ago. Nothing that was still relevant, but clearly none of us made double-extra sure that I didn’t leave with the company’s data in my possession. (I didn’t even know that I had it, so I will take some blame there.)
It just goes to show, that your employees probably have your stuff all over the place, so how do you make sure you get it all back?
But, seriously, at least make sure they can’t continue to access your systems after they leave. That has to be the most basic step in this whole process, right?
Read more below: