Why are Risks to Data Security a concern when employees leave?

When employees leave, there's potential for them to take sensitive data or company information with them, either intentionally or inadvertently. They may have had access to proprietary information, client data, or strategic plans, which could be used by competitors or misused in other ways if not properly managed.

What are the primary risks associated with departing employees?

The primary risks include: Unauthorized access to sensitive data after departure, Transfer of proprietary or sensitive data to personal devices or external accounts, Potential disclosure to third parties or competitors, Leaving backdoors or vulnerabilities in the system

How can companies take prevention of unauthorized data access after an employee leaves?

Companies can employ measures such as revoking access credentials, regularly auditing user activities, and ensuring prompt deactivation of accounts associated with departing employees or opting techniques like data masking.

Are exit interviews important from a data security perspective?

Absolutely! Exit interviews allow employers to remind departing employees of their non-disclosure agreements and other obligations. They also provide an opportunity to understand what data or information the employee had access to and to retrieve any company property or data.

Should we be concerned about employees moving to competitors?

Yes, especially if they had access to proprietary data or trade secrets. It's wise to have non-compete and non-disclosure agreements in place, and to remind employees of these agreements upon their departure.

What's the role of IT in ensuring data security during employee transitions?

IT plays a pivotal role. They ensure that all digital footprints of a departing employee are managed appropriately – from deactivating accounts, monitoring email forwarding rules, to wiping company data from personal devices.

How can companies ensure that employees don’t leave with important data on their personal devices?

Implementing a robust Bring Your Own Device (BYOD) policy can help. This includes clear guidelines on accessing company data, periodic audits, and the ability to remotely wipe data from personal devices if necessary.

Is training significant in safeguarding company data when employees depart?

Definitely. Regular training ensures employees understand the value of data and their responsibilities towards safeguarding it. When they recognize the implications of data breaches, they're more likely to be cautious and compliant.

How can we monitor and ensure that former employees aren’t accessing company systems?

Beyond deactivating accounts, companies should implement system alerts for any unauthorized or suspicious access attempts. Monitoring tools can track IP addresses and activities associated with former employees, helping detect any anomalies.

What if we find out a former employee has breached data security protocols?

First, assess the extent of the breach and the data compromised. Then, take corrective measures like changing security credentials and notifying affected parties. Depending on the severity, legal action against the former employee may be warranted. Always consult with legal counsel to understand the best course of action.

What measures can we take to educate employees about data security before they leave the company?

Before departure, we provide employees with training sessions that highlight data security best practices and their responsibilities regarding confidential information. This empowers them to handle data appropriately and reduces the likelihood of security breaches even after they've left the organization.

Human Risk Management Webinar

Hacking the Boardroom: CISOs and the Board

Living Security Team

Oct 27, 2022

1 Min Read

CISOs have a critical role in a company, but they don’t always interact with the Board of Directors. Human Risk Management puts CISOs front and center.

David Spark (Producer & Managing Editor, CISO Series), Deneen Defiore (VP & Chief Information Security Officer, United Airlines), and Naomi Buckwalter (Chief Information Security Officer, Cybersecurity Partners of Philadelphia) discuss:

How CISOs and Security Program Owners can better approach and get more buy-in from the Board.
Good advice, bad advice, and worse advice for how to speak to a Board and what to do to improve that conversation.
Key critical thinking perspectives to make security personal, applicable, and meaningful and to relate it to what your company’s industry-specific or relevant needs may be.
How to effectively communicate information to the Board that is informative, not fearful.

Watch the webinar now.