Employees who leave a company – whether voluntarily or involuntarily – often cause major data loss that can wreak havoc. A company’s data disclosure can cause immense reputational damage, depending on the type of data. Data loss is often due to human error. It is not uncommon for employees to take sensitive data with them, whether on a USB stick or exporting confidential information via email. The graph below speaks a clear language.

Laptops, hard drives, smartphones and other server systems are often not set up with adequate access locks that could prevent sabotage or intentional destruction of data. Apart from the fact that there are employees who deliberately steal trade secrets and confidential company data, a significant reason for data leaks is probably also the fact that employees are not properly trained in handling data. A global study by Kaspersky Lab in collaboration with B2B International asked companies what they thought was the most common cause of data leaks. The result is that when data leaks out of companies, it is often due to incorrect employee behavior. Another cause of data leaks in enterprises are due to thefts from mobile devices. The 2016 study by Osterman Research also confirms Kaspersky Lab’s finding: […] because a large and growing proportion of employees work at least some of the time from home, if only after normal work hours, they often maintain a rich source of corporate data on their personal desktop and laptop computers, USB sticks, personally managed file sync and share tools like Dropbox, and other locations […]”.

The study contains many practical examples with the consequences (e.g. loss of intellectual property or reputation) [1]. and recommends both organizational and technical measures to minimize data loss due to an employee leaving the company. The exit process is clearly regulated by a checklist. The reclaiming of all computers and mobile devices borrowed from the company, as well as external hard drives, USB sticks, backup CDs, etc. should be mentioned by name. In addition, an inventory of all work documents (hand files) and projects on which the employee has worked should be requested. During the exit interview, the employee’s future plans should be discussed in order to identify and determine any potential risks.

Technical measures to minimize data loss can be ensured by providing ECM systems. The above-mentioned study describes the following recommendation: “It is essential that organizations maintain complete, ongoing visibility of sensitive corporate data across all of their endpoints, cloud applications and any other repositories where data might be stored. An important best practice to accomplish this is he deployment of a content archiving system that will enable the capture, indexing and immutability of content based on corporate policy […]. This policy must include access control, encryption and backup policy. The authentication of sensitive data must also be part of this policy; access to less trustworthy data is protected only by user name and password, whereas confidential or secret information is protected by assigning two-factor authentication.

Conclusion: companies, especially HR departments, are advised to pay special attention to both organizational measures (clearly regulated exit procedure regarding business information) and technical measures to prevent data loss by departing employees.

Ariane Wyss

[1] Osterman Research White Paper: Best Practices for Protecting Your Data When Employees Leave Your Company(https://www.intralinks.com/resources/publications/osterman-report )