Byte-size Bulletins

The Great Resignation? more like the Great data leak

Written by Rachael Brown | Jan 20, 2022

 

If you've been following the news, or talking to your working friends, you've probably heard about the 'Great Resignation'. Put simply, people are leaving their jobs in record numbers.

A Randstad UK survey found that a whopping 69% of workers are feeling confident about moving to a new role in the next few months, with 24% planning a change within three to six months. That's a lot of people considering jumping ship. 

What does this mean for companies? Several things. First and foremost, businesses have to adjust to this changing landscape of work, and employee expectations. 

Secondly, they need to be mindful that, if your employees quit, they could be putting your data at risk. 

This is because as companies struggle to off-board personnel at an accelerated rate, there is greater likelihood critical processes, like cancelling employee access and securing proprietary data will be glossed over. 

With more and more employees working remotely, they are increasingly using their personal devices for work. Home laptops, phones, tablets, are all being used to log into company accounts, storing passwords and data as they go. This is in addition to the increased risks of hacking employees face when they work from home. 

This means that keeping track of what organisations need to do to off-board employees is getting harder and harder. And with 34% of companies doing these processes several months after an employee has quit, this is a serious problem for security.

Employees could leave your organisation with cached data on their devices. They could cause data loss, both unintentionally and maliciously in some cases. They could steal or destroy confidential information or vital material as they leave. 

With this in mind, you need to do more to secure your data during the Great Resignation. Here's six tips from us here at The Final Step to help you do this. 

1. Well-documented off-boarding methods

To begin, make a list of all the applications and data to which the departing employees have access. You should also have procedures in place to remove that access. These procedures are almost certainly in place at firms with a more sophisticated security programme. Given the recent uptick in off-boarding, now is a good moment to examine them. 

2. Centralised access management technologies

Security administrators can revoke access from departing employees more easily with centralised access management technologies, but they aren't flawless. A critical component is well-defined access removal methods. 

One important and easy method to consider to do this is a password manager. Many employees have separate access to accounts, especially those involving social media, HR and orders.

A password manager makes controlling all of these logins more feasible, as an administrator can stop passwords entirely, or move logins to someone else. A password manager is a valuable investment for your security in general, considering the security risks associated with passwords

3. Have all company data from the employee's devices in your possession

Another crucial step is to ensure that you have all private data from the employee's devices in your possession. If any papers or data are stored locally on an employee's laptop, for example, you must ensure that backups are made or that the material is maintained in centralised systems to which the firm has access. 

Do you know where the person kept their work after that? Do you have a shared drive? Is it possible to be in the cloud? Make sure it's both safe and easy to get there. 

4. Have a strategy for data protection if employees leave on bad terms 

Prepare a strategy for protecting data if an employee leaves on bad terms. Do you have any reason to believe that individual will delete or destroy any content?

Establish an emergency access removal strategy for these instances, where the appropriate people and systems are immediately removed.

5. Only allow personal devices which are on company endpoint device management 

Consider enabling access to company data only from personal devices that are enrolled in company-managed endpoint device management software to address this risk.

When an employee leaves your organisation, this software should enable the removal of company access and crucial data. You should also establish acceptable use and access policies that specify which devices employees should use to access corporate resources. 

6. Employee training on data security 

If you fail to address the human element of data security, you fail to address data security. You can put lots of automation and centralised management tools to work, but if employees don't understand the risks associated with lost data, situations are still likely to arise. 

This is why training your employees to recognise threats is the cornerstone of any security policy. Data security is no different. Remote working has rendered many of the organisational expectations and policies for data security ineffective. 

You need to expand your awareness training programmes to promote procedures for securing home networks and accessing company resources. This will benefit your company, teams and individgual workers, as how to handle data in the organisation becomes more clear.

Increasing companywide understanding of data security issues is one strategy to improve data security before the off-boarding process even begins. Off-boarding becomes more of a team effort to keep data safe as the entire organisation becomes more aware of data protection. 

Ultimately, high rates of staff turnover create headaches. Not just for business reasons, but for security reasons as well. If you want to avoid the security headaches, it's imperative you create a thorough and detailed leaver's process. 

Photo by Ernie Journeys on Unsplash