90% of former employees can access old work accounts. Where does that leave your company security?
Out of that 90%, 45% of employees said they still retained access to confidential and highly confidential work data from previous jobs. To make matters worse, 49% of respondents said they successfully logged into their former work accounts. According to a survey done by Intermedia, your company security is far from safe when an employee leaves. But what are you doing about it?
It goes without saying that the best course of action is to always be prepared. That’s why creating a predetermined set of termination procedures is the best way to safeguard your company when employees leave. From revoking authorization to changing passwords, zbrella covers everything a good exit plan should include to truly maximize company security.
Establish Clear Policies
Start from square one and draw up a list of the most basic policies you can think of. Then, put them onto paper and into the office. Make sure policies prohibit former employees from accessing critical company information. Outline in detail the consequences if those rules are broken. Above all else, make it clear that any and all information, documentation, and/or data created by employees is the sole property of the company, both during and after employment. Creating a policy before termination lets everyone know where they stand in terms of accessing old company information and attaches legal repercussions to reckless actions.
Sharing Isn’t Caring
As a rule of thumb, account for shared credentials in your general company policy. Make employees aware that sharing credentials will not be tolerated, as it increases the chances of internal and external threats tenfold. To double down on company security after an employee is gone, check whether current employees were sharing credentials despite company policy. If they were, see to it that all shared credentials get updated passwords and login information. Try to enforce a strict no-share policy once all shared credentials have been wiped and updated.
Revoke All Accounts
It goes without saying, but revoke all former-employee accounts. Too often companies fail to follow up with former employees and allow login portals and accounts to sit unmonitored. Once an employee is no longer with your company, follow up on all accounts. Remember to revoke access to cloud accounts as well. These can be easy to overlook, as they are remote and therefore out of sight. Keep a running list of every cloud service currently in use at your company, and make sure the respective credentials are revoked, too.
Automate, Automate, Automate
Implementing automation in your company will save you a world of trouble and time when an employee leaves. Tools exist that can automate a company’s entire technology infrastructure, letting you hand-tailor exactly what you want automated in the workplace. To get the most from an automation system, have your IT team implement something that will automatically make the small changes that are often overlooked when an employee leaves. Tasks we have already mentioned, like revoking employee access to company accounts, changing passwords, and removing shared credentials, can be automated to streamline the process of losing an employee. You can also lock an employee’s resources. Automation removes the time spent on manual changes and immediately implements the steps you need to take when an employee leaves.
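As an added illustration (not code from this article or from any product it mentions), the Python sketch below turns the steps above into a checklist generator: it compares a list of departed employees against per-service account exports and a shared-credential register, then reports what still has to be disabled, rotated, or reviewed. All names, services, and data are constructed, and it assumes each person uses the same login name on every service.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    kind: str      # "disable", "rotate" or "review"
    service: str
    target: str

def norm(identity: str) -> str:
    """Compare identities case-insensitively and ignore the mail domain
    (assumption: one login name per person across services)."""
    return identity.strip().lower().split("@", 1)[0]

def offboarding_plan(departed, services, accounts, shared_credentials):
    """Return the actions still outstanding for departed employees."""
    gone = {norm(u) for u in departed}
    plan = []
    for service in services:
        if service not in accounts:
            # On the running list but no account export: cannot be verified.
            plan.append(Action("review", service, "no account export"))
            continue
        for login, enabled in accounts[service]:
            if enabled and norm(login) in gone:
                plan.append(Action("disable", service, login))
    for service, credential, known_to in shared_credentials:
        # A shared secret outlives the leaver's own account, so rotate it.
        if gone & {norm(u) for u in known_to}:
            plan.append(Action("rotate", service, credential))
    return plan

# Constructed sample data (hypothetical names and services).
DEPARTED = ["jdoe"]
SERVICES = ["mail", "crm", "file-share", "billing"]   # the running list
ACCOUNTS = {
    "mail": [("JDoe@example.com", True), ("asmith@example.com", True)],
    "crm": [("jdoe", False), ("asmith", True)],       # already disabled
    "file-share": [("jdoe", True)],
}
SHARED = [
    ("crm", "reports-service-login", ["asmith", "JDoe"]),
    ("billing", "billing-admin", ["asmith"]),
]

if __name__ == "__main__":
    for action in offboarding_plan(DEPARTED, SERVICES, ACCOUNTS, SHARED):
        print(f"{action.kind:8} {action.service:11} {action.target}")
```

The "review" entry matters as much as the "disable" ones: a service that appears on the running list but has no account export is exactly the kind of cloud account that gets overlooked.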
Use Mobile Device Management
Even if you adhere to all the tips and tricks in the book, it can be difficult to cover everything. That’s why it’s important to protect your data across all platforms, especially on your mobile devices. A layered security approach is a great strategy to protect company data even when it is on an employee’s mobile device. Oftentimes when an employee leaves, tons of company data remain on their mobile devices, mixed in with their own personal information. This can make it difficult to sort through and delete vital company info. A layered security approach allows you to safely wipe business data without having to physically repossess an employee’s mobile devices.