A helpful recent white paper from Intermedia, based on research, discusses corporate data and how to manage it, particularly when employees leave the organization. You can see a brief summary in this short (and ominous) video. This page with the video also has an overview of the research, and a white paper and checklist to download. Here are four important points from the paper to consider.
1. Employees Use File-Sharing Systems
Employees will use file-sharing software, one way or the other, because it’s almost necessary in the modern global environment. You can have your files unofficially floating around in applications like Dropbox or Google Drive, or you can implement a managed company solution. (For instance, at Telios Law, we use NetDocuments to store all our documents, because it is highly encrypted to international data-protection standards and requires a user account and log-in that we manage.) There are a number of solutions that would work.
2. Ex-Employees Often Keep Data
Even after employees leave the company, 89% still have access to at least one application from a former employer. This could be social media, Paypal, corporate email, or document management. Worse, about 25% of the data ex-employees can access is confidential. Many employees log in to this information after leaving, and some even share it with others.
3. Negative Legal and Other Consequences
Ex-employee access to health information or financial data may trigger obligations under data breach notification statutes. It may mean that companies cannot fully implement legal holds or satisfy discovery obligations in a lawsuit. Companies may lose rights to intellectual property. They may be open to attacks by malicious ex-employees. Or well-meaning employees may accidentally wipe your data as they “clean up” their files in the process of departure.
4. Steps to Take
Explore where your corporate data is stored. Have acceptable use policies for company and employee devices, especially personal devices and unapproved software. Have an off-boarding process that makes sure employees turn over their log-in credentials and reveals where corporate data is stored. Manage your cloud applications so you know what is being used and who has access.
Featured image: "Office people working behind computer" from Freerange stock.
- Cyber Security in Less Secure Countries
- Part 4: Getting, offering, or demanding help…what are some suggestions? “Now that you mention it, can you force people to get help?” – A reprise
- Volunteer Screening Trends and Best Practices Report 2017: What Does it Say?
- Part 3: Getting, offering, or demanding help…what are some suggestions? "Confessions from the rocking chair"
- Federal Judge Blocks FLSA Overtime Rule Change Previously Set to Go into Effect December 1st