When business leaders consider the consequences of employee turnover, they generally look at the dollar cost to the organization. By some estimates, losing an employee can run as much as one-third to one-half of their annual salary. But beyond this monetary hit lies a potential landmine: Departing employees often pose a serious risk to the security of a company's information assets.
A December 2016 whitepaper published by OstermanResearch sums up the problem concisely. The research paper cites a survey published by Biscom in late 2015, which shows that some 87% of employees who leave a job take data they created there, and 28% take data others created. Obviously, this loss of data control can have serious and costly impacts on enterprises and must be managed effectively.
SEE: Data classification policy (Tech Pro Research)
Formulate a plan of action
In modern business, data is the most valuable asset, and access to that data must be controlled and protected at all times. When an employee leaves the company's employ, it is imperative that all of their authentication credentials and access be deleted or at least restricted immediately.
In this context, access refers to accounts, systems, devices, and any other elements that the employee used to do their job. In many cases, employees will also be required to return devices issued to them by the company. All equipment, devices, and software must be returned and accounted for as part of the termination process.
For human resource professionals and the IT departments that support the devices, the potential to overlook issued equipment, software, or access credentials is significant and potentially disastrous. To avoid problems and mitigate the risks, personnel involved in the termination should use reliable and comprehensive tools to guide them through the process.
Tech Pro Research, TechRepublic's premium sister site, offers an Employee Termination Policy you can use as-is or tailor to fit your needs. As a supplement to the policy, Tech Pro Research also offers an Employee Termination Checklist to help reduce the risk of overlooking access credentials or issued devices during what can often be a hectic and stressful procedure.
- Why your company needs clear security policies: A cautionary tale (TechRepublic)
- 10 tips for reducing insider security threats (TechRepublic)
- Data Classification Policy (Tech Pro Research)
- Equifax chief executive steps down after massive data breach (ZDNet)
What measures have been most helpful in ensuring all the bases have been covered when an employee leaves your company? Share your advice and experiences with fellow TechRepublic members.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.