Security is (and will continue to be) an extremely hot topic. To fully protect propriety data, organizations must implement a multi-layered security approach. Unfortunately, businesses often overlook a critical component called onboarding and offboarding of employees.
According to Throttlenet.com, 89% of employees who leave a company walk away with at least one password they used daily. On top of that, 49% of them log into an account after leaving. Do you want your employees to access company data after they’ve quit or been terminated? For most, that would be a resounding “no.” However, processes are not put in place to prevent this from happening.
If you want to develop a process that will stop employees from accessing accounts or stealing data, you can implement the two-part strategy below.
Step 1: Onboard Employees
In order to set the stage from the beginning, employees must be on-boarded properly. Not only should processes be in place, but they should be reviewed in detail with the new employee. Here’s what you should include in your onboarding process from a security standpoint:
- Document property assigned and have the employee sign a document stating they are borrowing the company’s hardware.
- Record all accounts with usernames and passwords. While you can do this on a sheet of paper, it’s much safer to use a password manager.
- Create and distribute an internet usage policy with regulations on a computer, internet, and email usage. This must be reviewed with the employee in detail.
Step 2: Offboard Employees
Proper offboarding is crucial for an effective security strategy. Unfortunately, employees don’t always leave on the best of terms. Occasionally, they’ll take proprietary company data with them whether they photocopy, transfer to a USB or email it to their personal account. This must be stopped before confidential data ends up in the hands of your competitor.
By staying one step ahead of rogue employees, you can prevent this from happening. Here’s how:
- Disable access to files immediately.
- Collect all company property.
- Change all credentials.
- Remote wipe devices & hardware (this is really more relevant for employees being terminated or who have gone rogue).
