Letting Go – Securely

We no longer live in a world where employees will spend their entire working careers with one employer. Employers realize that the person they are hiring will one day leave to go to a competitor or customer and the information they gain about your company, customers, and business practices goes with them. This means planning for graceful employee separations, and protecting one of the intangibles of information security -- the information inside the head of each of your employees.

You don't need secret police to secure yourself from insider threats. The goal is to provide access to information employees need and block access to information they don't need.

5 Steps to Secure Insider Information: ROITT

Here are some basic steps employers can take to protect their information when employees are leaving the company.

References - Do your reference checks. Don't limit the check to past supervisors but also confirm the education history. Make the background check appropriate to the job being filled. For example - run a credit check for accountants or a drivers license check for drivers.

Orientation – Your new hires need an orientation that involves reading and understanding companies polices, including written acknowledgement. You'll want to cover confidentiality polices, non-compete/non-disclosures policies, termination procedures, and information security polices.

I-9 - Check the employee's documentation thoroughly. The Social Security Number Verification System online is a good resource.

Tracking –Your IT team can set up and track access based on the user. Sensitive information like employee records, financial transaction records, account numbers and valuable property should be secured when not in use. If an information loss occurs the losses should be documented. Many states, including North Carolina, already have disclosure laws on the books requiring customer notification of information losses.

Termination – Finally, have a plan when an employee decides to leave. This includes succession planning, a policy regarding escorting employees off the premises once notice is given, procedures for revoking computer accounts, and any property to be retrieved. Customers and colleagues should be notified immediately.

It is difficult to build a business. Most employers would never consider leaving their doors open because of physical security concerns. Employers should not leave their intellectual security up to chance either. Be consistent: document your procedures and practices. Train your employees in what you expect and why information is so important. It's not just your company's reputation that may be at stake.

Anne Dickens is a Business Consultant and Human Resourses Specialist at Sage InfoSec.