Making a Secure Plan for Exiting Employees

Secure Employee Exit Plan for Small- to Mid-Sized Businesses

When an employee leaves your company, you are more vulnerable to legal issues with data security than normal. Do you have a strong exit strategy for employees?  

Exiting employee

An untrained or negligent employee is one of the top reasons for security breaches. An estimated 47% of companies reported a data breach due to human error, according to a Ponemon study.

Hackers aren’t your biggest threat, your employees are.

And this threat grows with employees that leave your company. As an employee makes their exit (on good or bad terms with the company), the potential for lost or misplaced. At the same time, your company will need to hold on to certain documents for legal reasons after employees leave.

Not only do you have to worry about the security of your company data, you have to worry about the security of your employee’s data. Fraud and identity theft can occur if the wrong information gets into the wrong hands.

Collect Employee Records, Devices and Materials

Documents that have to do with personal information or details about the employee should all be collected. You want to search the employees office, your office, computers on-site, shared servers, electronic devices (personal or company), removeable media (like USB sticks or removeable hard drives), filing cabinets and more. You are going to collect the employee’s items and set them aside in a box for destruction at a later date.

  • Resumes, application, coverletter
  • Tax forms
  • Compensation, job history, timekeeping records
  • Interview records or notes
  • Reference responses and resume verification
  • Performance reviews
  • Dispute records or write-ups
  • Background checks, medical results
  • FMLA and USERRA records
  • I-9 and W4 forms
  • OSHA and COBRA logs
  • Employee contracts
  • Termination forms and letters

From the exiting employee, you will need to clarify what materials and data need to be deleted from their personal computers and devices. Make sure you work with your IT team to know the exact policies on data that must be removed from those devices. While certain elements of work the employee did might be something they use for a future portfolio (like creating brochures or writing company training manuals), other forms of data (think client or patient contact information or certain company records) could be a security breach. Plan for this scenario ahead of time so you can be sure and very specific on what is and isn’t okay.

Get Legal Opinions on Company Policies

When planning on what material needs to be kept before destroying and what would be a concern if left in an employee’s possession, you may want to get lawyers involved. You need to know your own organization’s rules on the handling of confidential materials, but you also have to follow the laws. An annual meeting with your legal team or lawyer will help you understand any recent changes that might force a change in your policies. You want to ensure that updates can be quickly adapted to by your company to avoid unnecessary fines or legal problems.

In order to stay organized and formulate a secure exit strategy for your employees, you might want to outsource tech support. An external tech team can be hired to provide the expertise you need when addressing legal topics on privacy or security. A good team will be experienced in your industry and understand the legal and organizational expectations involved with something like this.

If you need help establishing a strategy for company security issues, like exiting employees, contact us today. You want to avoid disastrous scenarios caused by an unnecessary lapse in judgment or misunderstanding. We can help you examine your current policies and adjust to a higher level of security.