A company’s data is extremely valuable. From client lists to sensitive financial records, employees handle this data during normal day-to-day operations. Employees can easily compromise this data unintentionally or with malicious motives. To mitigate this risk, a company must implement procedures to prevent current or departing employees from mishandling data (whether deliberately or not) and a contingency plan to recover any data that is lost. A company should also implement preventive measures to protect itself from future data loss.
How Employees Can Compromise Data
According to Osterman Research, Inc., employees can mishandle company data in several ways. The problem often occurs after the employee’s termination or resignation:
- Inadvertent theft: The employee may have access to cloud storage, information stored on a personal computer, mobile apps, and other forms of “shadow IT.” This means employees can leave the company without even realizing that they’ve taken data with them.
- Justifiable use: If the rules around data protection and retention are not completely clear to employees, then they may not see the harm in taking the data with them. They assume since they don’t have malicious intent, taking data won’t harm the company. They may feel justified in taking corporate data because they created it or worked with the company for a long time.
- Malicious intent: This is common among employees the company terminates. They may want to take revenge and see the company fail. These individuals knowingly take sensitive and confidential data to use against their former companies in their new jobs. They may also destroy important data to get back at the company.
It’s important to keep an eye out for suspicious behaviors involving departing employees and company data. Some warning signs include:
- Copying information to personal devices and drives
- Missing documents from an employee’s computer or company drive
- Emails between departing employee and competitors
- Spikes and drops in email activity
How to Protect Your Data
First, the company should have measures in place to ensure that employees are not transferring company data to personal devices. Sometimes, this is unavoidable due to the nature of the job. When an employee leaves, have measures in place to wipe data from their drives and personal devices.
Additional data protection best practices include:
- Encrypting data
- Limiting employee access to sensitive data
- Having an effective backup policy
- Implementing authentication processes
- Ensuring consistent visibility of corporate data
- Managing personal electronic use
Armstrong Archives is here to provide top-quality data protection support. Contact us today to learn more about our records management and consulting services for companies in the Dallas-Fort Worth area.
>Posted By: Sherri Taylor – President/Managing Partner
Sherri Taylor is the Managing Partner and President of Armstrong Archives, one of the largest independent records and information management companies in the Dallas/Ft Worth area.