fbpx

Protecting Your Important Data When Employees Leave

One of the times that your company’s data and intellectual property are most at risk is when you have a departing employee, be that on their own accord or when they are fired or laid off.

With employees maybe feeling disgruntled after being let go, on the way out some of them will pocket important company data — usually client lists, e-mails, vendor contacts and even proprietary information that is essential to the company’s competitive advantage.

During lay-offs, termination or when someone quits, you need to take steps to protect your data and intellectual property, but there are legal implications as well for how far you can go. Consider the following:

Non-solicitation agreements — These protect you from a departing employee taking with them proprietary, confidential information like client and vendor lists. A non-solicitation agreement bars an ex-worker from going to a competitor and contacting your clients for business.

These are not legal in all states, so check your state laws and consult with your attorneys. In California, for example, non-solicitation agreements are not enforceable.

Non-disclosure agreements — These are different than the above and no states bar them. They focus instead on company data that a competitor can use to harm the business.

These agreements spell out the departing employee’s fiduciary obligations under the law by identifying protected company proprietary and confidential information.

The agreement requires that the employee keep such information secret for a certain period of time. Before huddling with your lawyers, your management team should identify all of your company’s protected data that you feel is worth protecting.

Return and inventory all company property — Before your employee leaves the premises, make sure they have returned all of your property that may contain company information. That would include:

  • Laptops
  • Company-issued mobile phones
  • Originals and copies of company documents the employee has made or received.

Passwords and access — On their last day, remember to delete from your database and systems their user names and passwords and access codes. This could include:

  • E-mail passwords
  • Voicemail passwords
  • Teleconference and intranet passwords
  • VPN access and passwords
  • Building or office lock-access codes.

Make sure to also collect any company ID cards. If you have concerns the employee may try to contact your current customers or vendors for any reason that could be detrimental to your firm, you can consider notifying them that the individual is no longer with you.

Conduct an exit interview — During this interview, you should go over boilerplate information like why they were let go and the importance of not taking with them any physical or intellectual property. 

Ask questions to determine what, if any, company data they may have been privy to or had access to. Also, if you have non-disclosure or non-compete agreements in place, use this time to reiterate the consequences for violating those agreements.

What to look for

It’s more difficult to avoid data misappropriation by an employee who is planning on quitting, as they can start downloading files to a thumb drive in the days before they give notice.

When employees are planning to take corporate data or are in the process of doing so, there are often one or more signs, which can be monitored with the right systems in place:

  • A spike in a worker copying information to the cloud, USB drives, personal devices, e-mail accounts, and more. An increase in such activity could mean that the employee is planning to leave or has gotten wind of an impending dismissal and wants to copy useful information before they go.
  • A surge in documents being deleted from an employee’s laptop or desktop computer. Files may also be deleted from corporate file shares.
  • Sudden spikes or drops in e-mail activity.
  • An employee accessing your customer relationship management system or financial accounts during late nights or very early mornings. This could mean they are scraping your files.
  • The worker is sending to and/or receiving e-mails from a competitor.
Malcare WordPress Security