When considering data security, law firms go to great measures to protect digital assets from outside forces such as natural disasters and criminal hacking. But this same diligence needs to be applied to uphold security in regards to your employee base – both past and present. Of particular concern should be how access is managed when an employee leaves the company. Whether it’s a voluntary departure or a termination, it is absolutely imperative to disable employee accounts in a timely manner.
Disgruntled employees pose a real threat to data security and protecting the firm’s digital assets must become one of the first orders of business when an employee is fired. But there is risk even when an employee leaves the firm on their own – for instance, they could become a potential competitive threat. Furthermore, every former employee could become a target for social engineering attacks. While current employees would undoubtedly guard the firm’s information, former ones may be less vigilant and could become a source of valuable data for industrial espionage.
Strengthening your procedures
Too many firms underestimate the need to prevent former employees from accessing physical and intellectual property belonging to the firm. Some firms have simple paper checklists to follow when an employee leaves while others have no formal procedure at all. Most firms are simply not doing enough to protect themselves from a very serious potential threat.
There are many points of access to secure when an employee leaves the firm such as remote connectivity credentials, physical security (badges and building access), laptops and mobile devices that the employee may have configured to access the firm’s email servers – and many other items. Firms need to properly set up internal systems to ensure that control over all data belonging to the firm and then establish sound procedures to follow when an employee leaves.
Establishing automated processes
To streamline employee departure security procedures, a firm could establish an automated ticketing system that launches as soon as an HR member flips the “current” flag on the employee’s record. This system would create tickets for every service team member within the firm that needs to take action. Very strict timeframes should be associated with these actions and they should be prioritized accordingly. They should also be audited to verify completion. Missing a deadline should result in an immediate escalation.
Taking a systematic approach is not only beneficial to security issues but to better manage all IT activities. Firms would benefit from carefully reviewing all IT procedures to verify efficiency and efficacy. If, by the end of this evaluation, everything checks out and the IT organization seems to be functioning as a well-oiled machine – you can rest easy and consider giving everyone a bonus. However, if that is not the case, it would behoove the firm to invest that potential bonus money in tightening operations – and begin doing so today. Otherwise, tomorrow, a former employee could willfully or unknowingly expose your competitive advantages.