Stealing secrets from a company you’re departing used to mean sneaking a manila envelope out in your briefcase. Data was moved one sheet of paper at a time. No more. Now, moving an entire company’s worth of data is as easy as a mass file transfer.
As a Wall Street Journal headline declared last week, “Departing Employees Are Security Horror.” Every company with a competitive advantage to protect – whether it’s a secret sauce, a customer list or a roster of employees who must be retained – should take heed and take proper precautions.
Your IT staff or IT managed services partner can take a number of steps that make it harder for employees to rob you blind on their way out the door – or, perhaps worse, to delete files or cause other havoc on your network.
By taking a structured, holistic approach to IT security management, it’s possible to harden your network defenses against threats from within or without.
The Journal piece centered on a lawsuit filed by Zynga (maker of numerous popular online games) against former Cityville general manager Alan Patmore and his new employer, KIXEYE, after Patmore took 760 documents related to unreleased games. Patmore acknowledged copying and taking confidential information, and he apologized.
The Journal story further cited research showing how common it is for employees to steal secrets when they leave a job. According to the Ponemon Institute’s survey of more than 3,300 people last year, half of all employees who left or lost jobs admit taking confidential data.
Fifty-two percent said they don’t even think it’s wrong to do so, and nearly 70 percent said their companies take no steps to protect the information.
In these facts, you have the perfect storm – an ethical deficit among half of workers, and companies that don’t know any better.
What to Do About it
The first thing organizations need is a resolve to do something. If your managed IT services partner or on-staff help has not already initiated the conversation, then start one.
As we wrote here in July, comprehensive IT security management starts with planning and work to devise a policy that covers all the bases. In terms of confidential information, the first step is to know where the data is stored and who has access to it. You also can employ tools that will notify you whenever that data is accessed. Other tools can keep certain information from being copied or exported from your network.
You also should ensure that your HR and IT staffs are talking. The last thing you want is for a terminated employee to retain access to the company network just because someone forgot to shut down his email or remote access account. Ideally, the HR staff should be able to revoke all access privileges automatically upon termination.
What About Data Backups?
Another important step is to be sure your data is always backed up. A disgruntled employee could delete a lot of irreplaceable information in a single keystroke. Regular backups can help recover it. Properly configured backup tools can make the process automatic, and they also will ensure your business can rebound from natural disaster, fire or other unexpected events.
Lastly, you should inventory the access your employees have to non-network accounts, such as those on social media platforms that represent your company. Your managers should have easy, updated access to a list of all administrators on such accounts, and their log-in information, so passwords can be changed in a pinch.
Even without access to your network, an ex-employee could easily damage the company’s reputation with a post on your Facebook or Twitter account. He or she could even lock you out of your own accounts.
That’s a lot to absorb and consider, but if the worst-case scenario ever strikes your business, you’ll be glad you thought ahead.