Does your data stay put when your employees move on? Maybe not. Nearly 60
percent of employees steal company information when they leave or are fired,
with 67 percent of them taking it to a new job, according to a study by
Traverse City, Mich.-based privacy and data protection research firm the Ponemon
Institute. Yet only 15 percent of respondents' employers performed any sort of
review of the digital or paper documents employees were taking.
You, however, should take more
protective measures. Well before employees leave, you should have a plan for how
you're going to protect the data, says Larry Ponemon, chairman
and founder of Ponemon Institute. That includes extra measures for dreaded
scenarios such as the departure of a disgruntled senior manager or IT
administrator.
Here's a guide to preventing data from
walking out the door with departing employees:
Know your people and keep them happy.
Get to know your employees and determine who may pose more of a risk, whether because they have their fingers on your crown jewels or because they seem unhappy or volatile. Be suspicious of new employees who offer to deliver customer lists or other secrets from their previous employer. You could get the same treatment when they move on again, Ponemon warns.
And cultivate a happy work environment. Content employees tend to be more
loyal, while the disgruntled have fewer qualms about taking things. The Ponemon
study found that 61 percent of respondents who were negative about their
company stole data, while 26 percent with favorable views did so.
Set expectations.
Spell out rules of acceptable and unacceptable use of company information and create a culture of confidentiality. When crafting policies, begin by asking yourself: "What is valuable to your organization?" says Carrie Gates, an engineer at Islandia, N.Y.-based CA Labs. For example, a jewelry company concerned about its designs might want to prohibit employees from transferring design documents to personal email or Dropbox accounts. To boost compliance, explain the reasons for your rules, emphasizing the company's data-control needs rather than communicating distrust of your workers, she says.
Have employees sign an agreement that
affirms their understanding of the rules and the need to keep company secrets
confidential. You might consider having employees in particularly sensitive
roles sign separate confidentiality and non-compete agreements, says Teresa M.
Thompson, an employment attorney at Fredrikson & Byron in Minneapolis. Such
agreements can set a tone of seriousness that can prevent misbehavior and
strengthen your legal hand in trying to compel a pickpocket to return what he or
she took.
"Smaller companies … could go
under if they don't take an aggressive position," Thompson says. If
companies in competitive fields don't take precautions, "they're just open
game for people to come and pluck their information and their people."
Put technology controls in place.
Protect your sensitive data with technology controls that limit access. Salespeople, for example, shouldn't have access to design blueprints. Use tools such as Active Directory from Microsoft or more advanced identity-management software available from Microsoft and many others.
You also may want to protect sensitive data itself. Microsoft provides tools
for protecting documents with passwords, encrypting files and folders, and
designating who may access a file. Also consider WatchDox, which offers
higher-end controls for documents on computers and mobile devices (prices
vary). Installing software on laptops and smartphones can allow you to wipe
their contents remotely.
Another option is data loss prevention (DLP) technology, which can detect and
stop data from slipping through exit points, such as email, instant messaging,
thumb drives, file-sharing services, printers and malware. BeyondTrust offers
such a product called PowerBroker DLP that's available to companies of all
sizes ($80 per user per year). Zscaler offers a cloud-based DLP service that
can help protect data on your network, in other cloud services and in mobile
devices ($1 to $5 per user per month).
Monitor key employees before they depart.
If you're in a risky situation with an employee -- you think a salesman is interviewing with a competitor or a top designer has given notice, for instance -- consider tracking that person's digital activities. Software from SpectorSoft, for example, can record everything that occurs on company devices and provide reports about suspect activity, including data uploads and downloads. It starts at $99 for one basic license.
Terminate access quickly.
Move fast to cut off departing employees' access to the company network, applications, email accounts and physical files. If such workers used your company Twitter or Facebook pages, change the passwords. Ask yourself what other cloud-service accounts you might need to secure. Backupify can help you remove data from Google Apps ($3 per user per month) when employees leave.
People you fire or lay off should be
escorted out and watched to make sure they don't take anything that doesn't
belong to them, including mobile devices and thumb drives. Review email and
other activity during an exit interview or, if you're really concerned, hire a
forensic expert to investigate.