Stop departing employees from exiting with your information
When an employee resigns or is terminated, it is a challenging time for management and former colleagues. On the employee’s last days, the focus tends to be on enabling the ex-employee to leave with dignity and on arranging to reassign their duties to their former colleagues.
Policies and procedures to “offboard” former employees are often not as well documented as those for onboarding new hires. If an employee had access to a myriad of business applications, their credentials to some of them may linger for weeks or months past their time of active employment. Whether a former employee’s next role is with a competitor or partner in your industry, or he simply doesn’t feel much loyalty to his previous employer, he may take an opportunity to do a final export, deletion or modification of data, such as:
● Customer and prospect contact data from your Customer Relationship Management app
● Product engineering designs from your Product Lifecycle Management application
● Data about prospective employees from your Applicant Tracking system
● Files like contracts, invoices and emails (by disgruntled former IT staff)
● Website copy, e-commerce product descriptions or social media posts
Trusting our former colleagues and employees to respect the terms of employment and severance documents is a risky way to conduct business. Companies need to put mechanisms in place to safeguard their second-most valuable asset (after their employees): their corporate data.
User Provisioning and Deprovisioning with Federated Identity and Access Management
Maintaining lists of the on-premise and cloud applications that each employee and/or job role has access to is a good start to protecting your data. Federated identity and access management consolidates user IDs and passwords into a single identity which can be turned on and off. Centralized user management means IT administrators don’t need to run through a checklist of applications when HR notifies them that an individual is no longer employed by the organization.
Companies should make application identity removal (deprovisioning) a high priority in the employment separation process. Executives wouldn’t want departing employees to push a filing cabinet of physical files to their car on their last day of employment. Leaving access open to electronic data is potentially far more damaging.
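One way to check for the lingering credentials described above is to reconcile HR's separation roster against account exports from each application. This is an added example, not code from Safewhere or the original article; the CSV column names, application labels and sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR separations roster and per-application account exports.
HR_SEPARATIONS = """employee_id,email,last_day
1001,ana@example.com,2024-03-01
1002,raj@example.com,2024-04-15
"""
APP_ACCOUNTS = """app,email,enabled,last_login
crm,ana@example.com,true,2024-03-20
plm,ana@example.com,false,2024-02-27
ats,raj@example.com,true,2024-04-10
crm,RAJ@example.com,true,
crm,li@example.com,true,2024-05-01
"""

def find_lingering_accounts(hr_csv, accounts_csv, as_of):
    """Flag accounts of separated employees that are still enabled,
    or that show a login dated after the employee's last day."""
    last_day = {r["email"].strip().lower(): date.fromisoformat(r["last_day"])
                for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        email = row["email"].strip().lower()  # apps often differ in email casing
        left = last_day.get(email)
        if left is None or left > as_of:
            continue  # current employee, or separation not yet effective
        enabled = row["enabled"].strip().lower() == "true"
        login = date.fromisoformat(row["last_login"]) if row["last_login"] else None
        used_after = login is not None and login > left
        if enabled or used_after:
            findings.append({
                "app": row["app"],
                "email": email,
                "days_lingering": (as_of - left).days if enabled else 0,
                "login_after_separation": used_after,
            })
    # Post-separation logins first, then the longest-lingering accounts.
    return sorted(findings,
                  key=lambda f: (not f["login_after_separation"], -f["days_lingering"]))

if __name__ == "__main__":
    for f in find_lingering_accounts(HR_SEPARATIONS, APP_ACCOUNTS, date(2024, 5, 1)):
        print(f)
```

An account that was disabled but shows a login after the last day is still reported, since that access happened before deprovisioning caught up.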
An Osterman Research survey of 1,000 US and European employees found that one in five employees uploaded sensitive corporate data to the cloud before leaving an employer. This may be understating the severity, because 69 percent of companies they polled say they have “suffered significant data or knowledge loss” according to a CIO.com article.
What are the motivations for, and damages from, data loss?
The Osterman Research employee survey found that some of the reasons behind data theft by internal employees in the private and public sectors include:
● Fear of layoffs in challenging business or economic climate
● Malicious data theft for revenge following conflict with a former employer
● Securing a job with a competitor, and wanting to bring intellectual property or a competitive advantage to their new employer
● Self-interest, such as to succeed in a new sales position at a different employer
● Inadvertent theft, such as when they use a personal laptop or mobile device for consecutive positions
● Feelings of entitlement, such as if a business development professional builds a rapport with prospects and customers
● Rogue use of unauthorized cloud services like Dropbox or personal Google Drive accounts
There are many ways that companies suffer when their data walks out the door with former employees. Not only could they lose loyal customers or lose valuable intellectual property, there are other damages like:
● Penalties for compliance violations
● Reputation damage if confidential company activities are disclosed beyond corporate control, which can erode a company’s competitive position
● Increased legal and financial costs and reduced revenues
Further benefits of consolidating app authentication
Implementing and documenting strong user provisioning processes is an important step in protecting company data and knowledge, but there are multiple other reasons why federated identity and access management (IAM) solutions are the best defense against data loss from insider as well as outsider threats. Identity federation can enforce stronger passwords, scheduled password changes, and an overall better security posture while a person is still employed.
As more businesses and government organizations allow flexible or remote workplaces and let employees use their own devices (BYOD), the value of IAM adoption is reinforced. The same is true of the increased use of freelance or contract employees who are given access to business data.
As valuable as employees are to a company, turnover and churn are inevitable. IAM is an important part of a data loss prevention strategy, yet it doesn’t stop there. Executives should consider it a part of other critical business mandates, including:
● Human capital management
● Reputation, IP and revenue protection
● Competitive positioning
● Product engineering
● Data privacy for customers, partners and suppliers
Do you need assistance with automating user provisioning for on-premise and cloud applications, or with building a business case for IAM? Contact Safewhere or one of our authorized implementation partners to discuss ways to protect your data from internal and external threats.