As many as 60% of employees who are laid-off, fired, or quit admit to stealing company data. Sometimes, they download information on their way out the door. Sometimes they email information to a personal email account. And sometimes they simply fail to return a company laptop or other device that contains the data. In the latter case, it costs an average of $50,000 for an employer to replace a stolen computer, with 80% of that cost coming from the recovery of sensitive, confidential, and proprietary information.
When you put this data together, it becomes increasingly apparent that businesses must take proactive steps to protect their technology and data.
In light of these stats, let me suggest a seven-step plan to recovery your devices, and the crucial information stored on them, after an employee leaves your organization.
- Institute a strong Electronic Communication and Technology Policy, making clear that all data and equipment belong to the company, and must immediately be forfeited upon the end of employment. Or, better yet, have employee signed an agreement affirming their obligations regarding the confidentiality of your data and confirming the obligation to return everything at the end of employment.
- Cut off an employee's e-access to your network as soon as you have notice that an employee has departed
- Remind employees upon termination or resignation of their absolute duty to return all data and equipment, including laptops, mobile devices, and removable storage devices.
- To the extent you have the capability, and you have confidence that you have your own back-ups of the employee's data, remote wipe any un-returned devices.
- If any data or equipment is missing, enlist the aid of an attorney to send a clear message that unless everything is returned immediately, the company will litigate to get it back.
- Enlist the aid of a computer forensics expert to determine if, when, and how any data was stolen, and, if so, of what that data consisted.
- Sue.
Notice that a lawsuit against the employee is step seven, not step one. In most cases, going to court is the last resort. It is expensive and time consuming. Yet, it many instances it is unavoidable. And, depending on the scope of the suspected theft and the data at issue, it may quickly move up the list.
* Photo by Simon Hattinga Verschure on Unsplash