Research Hub > Protect Your Company Data When Employees Leave | CDW

November 29, 2021

Article
4 min

8 Best Practices That Protect Your Company Data When Employees Leave

When an employee leaves your organization, your company data could end up leaving with them. Below is a list of best practices to better protect your organization’s data after employees move onto other opportunities.

CDW Expert CDW Expert

When an employee leaves an organization, human resources and IT departments should ensure that all the company’s property is returned; this includes laptops, monitors, company-issued cell phones, or any other electronic devices. When employees resign, they typically do not have malicious intent when they take company data, but they might have forgotten that they downloaded sensitive files to their smartphones. However, what if an employee suddenly leaves your company on bad terms? This much is clear: data is leaving organizations and leaving fast. Below is a list of best practices to better protect your organization’s data after employees move onto other opportunities.

1. Develop Data Protection Policies

Protecting company data shouldn’t be a step that you take after employees submit their resignation letters. Data protection policies should be in place for both new hires and existing employees and continued throughout their tenures. Establish thorough policies and procedures for employees who handle company data, as well as specific penalties for those who do not abide by them. This will not only put your organization in a better position to be transparent with your employees, but it will also protect your organization from the risks of data theft or loss when employees resign. 

2. Limit Employee Access to Company Data

Ask yourself “What do my employees have access to within the organization?” While employees need to be granted access to certain data to accomplish their work, too much access to company information poses data security risks. Not every employee needs unrestricted access to all your business information.  Instead, employees should only have access to the information necessary to do their jobs. Putting sensible controls in place is key in making sure that your organization’s data remains protected. 

3. Have an Effective Data Backup Strategy

It is important for your organization to have a solid backup strategy in place. Some organizations might think data backup isn’t necessary or is something that you can take care of later. That said, data backups are critically important. Failing to have a data backup strategy in place puts your organization at risk of experiencing crippling data loss. No matter what type of industry you serve, backing up your company’s information is the right choice to make. 

4. Develop Policies on Proper Use of Company Platforms

With the significant amount of data that is regularly stored on company smartphones and laptops, it is crucial for your organization to have policies in place regarding the proper use of company-owned devices and software. Employees should be thoroughly trained on these policies and asked to sign an acknowledgment agreement indicating that they understand them.

5. Implement Policies to Audit Employee Behavior

When using any company resource, such as a computer or mobile device, your organization should adopt policies to monitor and audit employee behavior. This can also be beneficial in pointing out any suspicious employee behavior. However, the IT department should use any auditing and monitoring activities judiciously. While it’s important to make clear that IT will have access to employees’ devices, your organization should also be transparent about when and how you’ll have insight into employees’ digital activity. 

6. Train Your Managers Properly

Before employees leave an organization, managers need to be trained properly on the problems that may arise when employees resign and how to handle those scenarios professionally. This is key to avoiding data misuse when employees depart. The training should be updated regularly so that managers can stay well informed on the current changes that are happening in employment law and the best practices for dealing with departing employees.

7. Require Authorized Authentication for Sensitive Data

To prevent unauthorized users from accessing confidential information, it should be protected with appropriate authentication for only authorized parties. Basic authentication such as logging into a company computer might only require just a username and password, but for more sensitive and confidential information, such as employee timesheets, you might require two-factor authentication. Decision makers should also consider creating policies that will require approval from a compliance officer when certain types of sensitive information are being requested for access.

8. Ensure Ongoing Visibility of Corporate Data

It is essential that your organization has high-level visibility into all corporate data across every part of your infrastructure, endpoints, and any other applications where company information might be stored. To effectively protect your corporate data, you need to know where your data is, where it is being stored and where it’s going. By having strong data visibility across your organization, you are also able to better understand your data flow and its vulnerable points, giving decision makers the opportunity to make informed decisions on creating effective data protection policies.

Summary

Employees have the right to resign and move on to new jobs. Employees come and go – this is the reality of the corporate world. Unfortunately, many departing employees end up taking confidential corporate information, whether it’s unknowingly or with ill intent. Accordingly, you need to be proactive and take the necessary measures to protect your data when your employees move on, because the consequences of not protecting your data can be severe if you don’t. Depending on your business, there may be more specific measures you may wish to implement to help protect your data but following this standard list of practices is a great place to start.