Employee data theft
While hackers feature prominently in the public eye, companies should be more concerned about their employees' unsafe data practices as a risk for the loss of valuable information.
This outline will help you create policies to limit the risk of incoming, current, and outgoing employees intentionally or unintentionally creating data breaches.
Identify higher-risk employees. This includes people who have access to critical knowledge and sensitive client data, as well as employees in high-turnover positions.
Set the policy tone with employees and all new hires. Obtain employee consent to screening as a condition of employment. Have higher-risk employees agree to screening upon future termination.
Enforce this policy through data analysis. Have a third party conduct an initial screening for sensitive data. Conduct a follow-up screening within 90 days of the employee's start date.
Set a policy for all your employees, including current ones. Restrict access to third-party file-sharing websites. If employees use these websites for corporate purposes, limit the domains to corporate versions.
Create stricter policies for employees with access to highly sensitive data. Those with access to the most sensitive data should have more limitations placed on them. For starters, disallow personal external drives.
Tell everyone about the policy, and implement it. Set up a training course for the new policy. Automate notifications for policy breaches, such as visits to file-sharing websites. The aim is not to punish, but to notify and educate.
Check for compliance. Regularly check employee activity for signs of potential data breaches, including use of unauthorized hard drives and access to problematic websites.
Once you know that an employee is leaving, inform the employee of your company’s policy about data. Have the employee review company policy on access to and use of sensitive data, and have them sign a document indicating that they have abided by the terms of the data policy. Give the employee the opportunity to share instances of potential policy violations without punishing the employee.
Have a third party conduct a thorough scan of the exiting employee’s hardware for risk points, such as access to problematic websites and use of external hard drives.
Inform the exiting employee’s new employer of the contractual obligations of the exiting employee.