Dallas-based partner Billy Hammel authored a two-part series on data security threats employers may encounter when faced with employee turnover.
In part one, Hammel identifies the various threats departing employees pose to a company’s data security, and the consequences employers may face if they fail to address these threats.
More often than not, when an employee leaves a company, they take with them valuable company data for later use. Whether it be maliciously intended or an innocuous attempt to save data the employee worked hard on, “motivation only matters so much,” said Hammel, “because even the innocent retention of data can have far-reaching consequences.” Hammel goes on to provide scenarios for the various threats to company data security, including the unintentional, the opportunistic and those that arise from ignoring risks in the first place.
In part two, Hammel addresses and expands on five key strategies employers can use to reduce the risk of having their data stolen by departing employees and sold to third-party users, including:
- Know your company’s data flow and identify potential sources of data leakage.
- When it comes to access rights, follow the principle of least privilege.
- Completely deactivate access on the employee’s last day.
- Always conduct an exit interview.
- Trust but verify – audit departing employees’ activities and preserve evidence.
“Departing employees present a particularly vulnerable attack vector because they typically know what data they have access to, where it is located and how it can be copied,” said Hammel. “Companies must therefore make sure to take this risk seriously by incorporating strategies for dealing with departing employees into its security program. Your company’s survival may very well be at stake.”