Workers have been changing jobs at a historic clip, and the numbers are hard to believe.
According to the U.S. Bureau of Labor Statistics, a record 47.8 million workers in the U.S. resigned in 2021. In March 2022, 4.5 million workers quit their jobs – another record – while Gartner projects job turnover in 2022 will be roughly 20% higher than pre-pandemic levels.
Amidst this upheaval, something that's not mentioned is that many of these individuals pose data risks to their former employers.
Organizations are offboarding employees at an overwhelming pace, making it even more likely that some processes, like protecting proprietary data or revoking former employees’ access, might fall through the cracks. This can create a multitude of data security troubles, with data loss being chief among them.
An employee might accidentally leave your company with cached data on their personal devices. They might steal or delete critical data like company source code or other proprietary data before taking their leave. In a recent report, almost a quarter of respondents admitted they can still access accounts from past jobs, leaving employers vulnerable to data theft. Lax data security can lead to compliance implications as well, resulting in extensive fines for your business.
It's time to sound the alarm and take measures to reduce the risk of departing employees. Here are four ways to protect your data during The Great Resignation.
1. Curtail access
A documented and in-depth offboarding process lowers your risk of data loss.
Inventory all the applications and data your departing employees have access to and make sure you have documented procedures for removing that access. Companies with a more mature security program likely have these processes in place. However, it’s worth reviewing them given the surge in offboarding.
Centralized access management tools make it simpler for security administrators to remove access from departing employees, but they're not flawless. Well-defined access removal processes are critical.
Additionally, be sure you know who will revoke access, how, and when. This should ideally occur the day the employee leaves but just 34% of organizations actually do this. In fact, 50% of companies take three days or more. Each day access stays open is another day you risk data theft.
2. Safeguard assets
All proprietary data from the departing employee's devices must be in hand. No exceptions.
For instance, if there are any documents or data stored locally on the employee's laptop, be sure you have backups of that data or store the data in centralized systems the company has access to.
Beyond that, you should also know where that individual stored their work. Is it in a shared drive? In the cloud? Wherever it is, be sure it's both secure and accessible.
You also need a plan for what to do if an employee leaves on bad terms. What’s the likelihood that an individual might remove or destroy content? To be safe, develop an emergency access removal process where the right people and systems are quickly activated to cut access in situations like this.
3. Flag personal devices
According to a Gartner report, more than half of remote workers use personal phones or laptops to do their job, at least some of the time.
Personal devices that have connected to company applications might accidently walk your data right out the door. Sure, the offboarding process eliminates access, but an employee's personal device might have collected data stored locally. This is a potential risk that extends to all remote employees.
To eliminate this concern, think about only allowing personal devices to access company data if they’re enrolled in your company’s endpoint device management software. You should also employ acceptable use and access policies that dictate what types of devices employees can connect to company resources with.
4. Educate your employees
Lastly, you can improve data security before the offboarding process even begins by creating more company-wide awareness of data security.
Training employees to recognize the various threats your company might face offers another line of defense to any security program. Some of this education has dropped off or taken a back seat since hybrid and remote work became more prevalent. Don’t let this become permanent.
Remote and hybrid work are here to stay, so consider expanding your awareness training programs to reinforce acceptable practices for accessing corporate resources and securing home networks. If the entire organization is more mindful of data security, everyone can work together to keep data safe during offboarding.
Address data security risks head on
Teams that were already stressed about data and privacy concerns are feeling even more anxiety as employees come and go. But there are things you can do about it.
Assess the data security risks of offboarding and ongoing employee transitions and be sure you have a firm grasp of how your employees are handling company data. The risk is real, and it’s not going away – even if The Great Resignation slows. So, address these risks and take control of your data security today.