A recent study revealed that 83% of the ex-employees accessed the accounts of their former companies. In fact, 24% of the ex-employees affirmed to have kept their profile credentials active intentionally. Although it's challenging to discern the psychology behind this kind of behaviour, the more alarming consequence is that 56% of the ex-employees had malicious motives and were trying to sabotage their former companies.

Things become quite problematic when the ex-employees become a threat to the organisation. They start using the profile and the data to steal the identity of the customers, forward/sell the information to other organisations or to an unscrupulous rival, and violate the intellectual property of their former employers.

But because there are no set policies, managerial capabilities, and adequate toolsets to deal with such problems, businesses often find themselves on the wrong side of combating this menace. More so, the management finds it quite puzzling to find out the root cause of such threatening malpractices.

With the majority of organisations not being aware of the reasons behind the account takeovers and not being able to predict the events that cause these aftereffects, it's imperative that businesses put some rules in place, single out these intrusive activities, and ensure that the adversaries that do these things are immediately dealt with.

How Can Employees Harm Your Business When They Leave the Company

In alignment with the study mentioned above, a recent analysis also confirmed that more than 70% of the departing employees took their employer's hard-earned valuable data along with them. This can put an organisation in harm's way. For instance, it can lead to the following:

  • A Loss of Customers

    The departing employees may have used the company's proprietary data to mislead customers or transferred or sold the valuable data to the competition or a third party. And suppose the sensitive data was modified or corrupted by departing employees. In that case, there is a possibility that your customers would lose faith in you — eventually leading to the deterioration of the relationship.

  • Loss of Regulatory Data

    Regulatory compliances are of particular importance. When the departing employees take data subject to regulatory compliance, it can lead to the company incurring penalties and a damaged reputation, as well as a setback to the business.

  • Loss of Competitive Edge

    Of course, an advantage obtained by your competition (through ex-employees) gives them leverage to conquer your market share. They can enter the market using your infrastructure, trade secrets, and misappropriated customer data.

  • Administrative Costs

    The administrative costs associated with rectifying actual or potential losses and reinstating critical controls for minimising the damage will surely add up.

No doubt, then, that 74% of the employers report having been harmed by the breach carried out by a departing or ex-employee.

What Can Be Done to Avoid This from Happening?

The best way to prevent this is to have clear governance and policies in place to deal with such cases. These policies, in tandem with technological interventions, should serve as a deterrent for such incidences. To that end, let's take a deep dive into the actions one can take to secure and protect the organisation from these threats.

  • Understanding the Possible Reasons

    Unauthorised data access practised by ex-employees could be attributed to a variety of reasons. For instance, it can be purely malicious - employees might desire to settle scores with their employers or vengefully damage their reputations. On the other, it can be totally unintentional, with employees having no idea (or awareness) about the fact that they are breaching the policies set by the organisations. Given the vast differences in these reasons, the cause has to be identified and addressed so that the corresponding measures can be drawn.

  • Devising Policies

    And what could the possible measures be? That's what the policies set the tone for. It's important, though, that the policies provide end-to-end coverage - i.e. when employees are working within the company, when they are departing, when they have been fired, and when they're working with another organisation. Clearly, this cannot be achieved with a single policy. Integration of multiple such policies is the answer. Besides, the policies should be thoughtfully drafted to serve their purpose better.

    Here's a checklist to ensure that all the stakeholders (especially the ex-employees) are entirely comfortable with the stipulations of the policies.

      Leveraging Technology

      Initiatives started by organisations can help in their own way, but a far-reaching solution is technology. Implementing monitoring systems - the latest addition to the arsenal of tools - can help restore data and files that have been compromised by departing or ex-employees. Here's a more profound look at how one can defeat the incursions.

        Physical Measures

        While policies, control systems, CMS and Virtual Desktops are meant to help in fighting ex-employees (mostly the culprits), physical measures like custody of the devices and files are what can help in preventing their infiltration into the organisation. These measures can be comprehensively covered in the above-mentioned policy drafting plan.

      In a Nutshell

      Updating the existing safeguards and policies is one of the safest ways to prevent ex-employees from silently taking control of sensitive information. The implementation of controls and measures at every level is crucial for preventing data loss, securing networks and protecting the identities of the users.

      Altogether, organisations must be diligent in clearly defining the parameters on how departing or ex-employees can be handled. They can also be innovative in their approach by integrating contemporary tools and control systems for end-point monitoring.

      The measures detailed above must be ideally converted into actionable policies that make these provisions very clear for everyone. This gives a sense of accountability to everyone who is aware of the provisions whilst also enabling them to follow them. As a result, even the natural inclination to take a copy of an organisation's information can be discouraged.