It is essential for companies to take steps in order to maintain their security, especially when changes occur within the company’s staff.
Employees looking for a change of scene, suppliers who do not pay on time or companies that go out of business – there are numerous reasons as to why business relationships may come to an end and companies should control what information is retained by those who are leaving and obtained by those who are entering.
It seems that many companies don’t pay much attention to this matter. There are few organisations that take the necessary precautions to prevent ex-employees from keeping information that belongs to the company. According to a study carried out by Osterman Research, 89% of the ex-employees keep the login and the password which gave them access to at least one of their former company’s services.
Of all the participants in the survey, 45% acknowledged that they continued to have access to sensitive or confidential information and up to 49% claimed they had accessed some service after leaving the company. Therefore, organisations need to implement mechanisms and strategies that allow them to safeguard the privacy of their information from any changes within their workforce.
The most important thing is to take action before the employees leave. A basic requirement to avoid problems in the long term is to know all the accounts to which employees have access and, in addition, to register the credentials with which they can login to one service or another.
It would be wise for companies to implement a single sign-on platform. A portal from which employees could access all the tools necessary to do their job, using their corporate email as a User ID. Should the employment relationship come to an end, the organisation would only have to delete the employee’s email to safeguard the company’s information.
In the event that the company has forgotten or discarded this first step, they will be able to establish a procedure which must be followed by the employees when they leave their jobs. In some cases security measures as simple as making sure ex-employees return the tools provided for their work, such as a computer, a smartphone or the card giving access to the office.
The study exposed, 68% of the employees that took part in the survey claimed to have kept corporate information in one or another personal account in the cloud.
Employees who needed to check documents outside the office stored them in Dropbox, Google Drive or OneDrive. According to Michael Osterman, president of Osterman Research, “if an employee stores sensitive or confidential data in personal Dropbox or Google Drive accounts, then this data is potentially accessible by outsiders the day he or she becomes an ‘ex-employee’”.
For this reason, it is recommended that organisations should implement or create their own cloud storage service. This way, the company will have control as to who can access the data and should an employee be let go the company can change the credentials accordingly.
Furthermore, management of the company should encourage employees to save information to the company’s accounts and server, rather than their personal accounts or desktops. The company must also incorporate regular audits to check that everything goes as planned and all data is safe.