Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >

May 24, 2023

How to Protect Corporate Data When Employees Leave

Companies tend to be very good at getting employees to return their physical possessions. Laptops, company cell phones, badges, and other assorted office equipment tend to be returned without much hassle. However, a focus on those physical items can lull companies into a false sense of security, thereby allowing their employees to abscond with their most valuable resource: their corporate data.

Protecting corporate data is essential for continued profitability, and companies can face serious financial and legal hardships if they fail to do so. While protecting corporate data when employees leave might not always feel urgent, the cost of letting employees leave with your data could destroy your business.

The Cost of Lost Corporate Data

While it may seem dramatic to say that lost data can cause potentially fatal damage to companies, it’s a well-attested statement. In late 2020, four lawyers and a paralegal are alleged to have secretly copied client files, correspondence, and firm work, saving much of the information to personal accounts to facilitate a move to a competing law firm. (Worse, the lawyers who left the company are now counter-suing their original firm, claiming that due to an indemnification clause in their contract, the company they allegedly betrayed must pay for and even advance the legal fees for their defense.) While it’s hard to put a dollar value on having to pay for your own sneaky employees’ defense, it’s a safe bet that, with the sheer number of lawyers involved, it won’t be a cheap process.

Note that this is just one case. Employee data theft happens all the time, even in the legal industry, where one might assume that everyone involved would fully understand the consequences, and know better than to do something so unethical.

Employee Data Theft

It’s important to be clear that not all employees steal data maliciously. Sometimes neither the employee nor the company realizes what they have in their possession. That could be data improperly stored on a personal thumb drive for convenience and then kept after the job ends. Or maybe the employee did work on a personal device and didn’t delete the information afterward. In these cases, the employee simply might not realize that they have sensitive data… but that doesn’t mean such data couldn’t cause damage if it ended up in the wrong hands.

That said, insider threats are real. Employees might steal trade secrets, hoping to create a competing business. Or they may steal information with the express intent of leaking it after they leave the company for personal or political gain. They could also steal information and delete it on the company’s original servers for petty revenge, to force a more generous severance package, or to curry favor with a competitor. Whether intentional or not, employee data theft can have painfully serious consequences for a business.

How to Protect Corporate Data When Employees Leave

The good news for businesses is that preventing intentional or accidental employee data theft, while sometimes inconvenient, generally costs just a fraction of what losing that data would cost.

Develop Data Management Policies

If you’re only starting to protect data when employees are leaving the company, it’s already too late. Accidental or intentional data theft or “leakage” can happen at any point in an employee’s journey with a company. Consequently, data management processes must take into account onboarding, offboarding, and the regular course of business to ensure that data is protected at every step along the way. Data management must include securing both hardware and software, including such policies as restricting the ability to use thumb drives on corporate computers and database activity monitoring to ensure that you know who is accessing what data.

Implement an Offboarding Procedure

Once you’ve implemented your data management policies into your daily business rhythm, it becomes far easier to implement your offboarding procedure to ensure that your employees don’t take any corporate data with them. This process will likely include ensuring that all corporate devices are returned, all accounts belonging to the former worker are deactivated, and all physical documents in their possession are accounted for. Having a physical checklist that documents these steps and must be filled out by the worker’s boss or the HR department can help ensure that the proper steps are followed consistently during offboarding.

Have a Backup Plan

Even when you have a plan, sometimes things go wrong. Employees may be unwilling or unable to turn over corporate data immediately. In that scenario, you need to be able to remotely control your company equipment, including laptops and cell phones. That includes being able to track it, as well as being able to remotely wipe data in the event of a doubtful recovery. You’d also likely want to restrict the ability of your equipment to transfer data to personal devices and ensure that your company phones can’t be factory reset to override your security settings. In an ideal world, you would never need to use these features, but you’ll be glad you had them when things go wrong.

How Mage Helps Protect Corporate Data

We’ve repeatedly emphasized that your data security efforts will almost certainly fail if you wait to implement them until an employee leaves the company. There are too many opportunities for your employees to accidentally or intentionally steal data. But what if you were monitoring your sensitive data, tracking who accesses what, and what they do with it, in near real-time? You would be more secure in your day-to-day operations and have a complete idea of what information to retrieve from exiting employees. Mage’s Database Activity Monitoring solution gives you everything you need to track your data and understand how it’s being used. Schedule a demo today to learn more about what Mage can do to help protect your corporate data.