
BreachExchange mailing list archives
Data breaches: 9 steps for protection when employees leave
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 17 Dec 2018 08:06:55 -0600
https://neworleanscitybusiness.com/blog/2018/12/12/data-breaches-9-steps-for-protection-when-employees-leave/

The hard reality of data breaches should worry every company. Hackers are just one part of the problem. Insider threats, such as disgruntled or untrained employees, are a major part of the larger picture.

Research discloses that 59 percent of employees who leave will steal proprietary corporate data. About 20 percent will sell passwords to an outsider. And 44 percent will do so for around $1,000.

Here are nine steps you can take to protect yourself when employees leave:

1. Cancel the employee’s access privileges and user accounts. This cuts off access to confidential or proprietary data, services and resources. Delete or disable the employee’s login ID and block the employee’s access to the company network. Disable individualized access cards from your system, if you use them. These steps alone can minimize your exposure to loss. Ahead of time, put in place procedures to terminate access.

2. Remove the employee from lists of those with access to the company network. Cutting off the employee from every program, system and application strengthens security.

3. Monitor the access and actions taken on the company network or system over the three months prior to the employee’s departure. That will help to ensure that sensitive and confidential data is not being downloaded. Often employees start downloading data well before they leave.

4. Retrieve company assets. Require the departing employees to return any property, corporate data, confidential information, badges, keys, laptops, tokens, fax machines, cell phones and other company equipment. You should have in place a procedure for changing locks on a regular basis, perhaps every six months, to ensure physical access by former employees is prohibited. Be flexible and practical in devising and implementing this safeguard.

5. Conduct an exit interview. The supervisor, manager and/or IT security personnel should conduct a thorough review and audit of the employee’s paper and electronic documents and devices. If an employee is leaving voluntarily, ask him or her questions about issues such as the employee’s view on the company’s work environment, morale problems, suggestions to make the company better. Document the responses.

6. Document all reasons for firing an employee. The personnel file should document and reflect the reasons for firing. Do this at the time of firing, when the facts are fresh, not later when it may be harder to collect relevant information. Remember: An employee may sue you for wrongful termination. You need to protect yourself against such action. Take extra precautions if the fired employee seems disgruntled. Ponemon research shows such persons pose a high risk of stealing data.

7. Emphasize the duty to maintain confidentiality. Employees should sign a non-disclosure agreement when hired. Remind them when they leave that they have a duty to maintain confidentiality.

8. Make certain the employee is paid what is owed, and return the employee’s belongings and property. If necessary, escort the employee from the building. This is especially important if the employee has been fired and is disgruntled. This can mitigate against any claim the employee may have against you.

9. Ensure that confidential information about an employee remains confidential. A company has a duty to protect employee personal information. Collaterally, it is vital to ensure that no action be taken to embarrass, defame or cast aspersions, or to portray the exiting employee in a false light.

Consult closely with outside counsel on these steps. Such counsel will help insulate the company from legal exposure.

Making the challenges posed by employee termination part of your information security plan is important to protecting your information assets and assuring smooth flow of operations.