How Not to Lose Customers When Employee Leaves the Company
A recent study revealed that 83% of the ex-employees accessed the accounts of their former companies. In fact, 24% of the ex-employees affirmed to have kept their profile credentials active intentionally. Although it's challenging to discern the psychology behind this kind of behaviour, the more alarming consequence is that 56% of the ex-employees had malicious motives and were trying to sabotage their former companies.
Things become quite problematic when the ex-employees become a threat to the organisation. They start using the profile and the data to steal the identity of the customers, forward/sell the information to other organisations or to an unscrupulous rival, and violate the intellectual property of their former employers.
But because there are no set policies, managerial capabilities, and adequate toolsets to deal with such problems, businesses often find themselves on the wrong side of combating this menace. More so, the management finds it quite puzzling to find out the root cause of such threatening malpractices.
With the majority of organisations not being aware of the reasons behind the account takeovers and not being able to predict the events that cause these aftereffects, it's imperative that businesses put some rules in place, single out these intrusive activities, and ensure that the adversaries that do these things are immediately dealt with.
How Can Employees Harm Your Business When They Leave the Company
In alignment with the study mentioned above, a recent analysis also confirmed that more than 70% of the departing employees took their employer's hard-earned valuable data along with them. This can put an organisation in harm's way. For instance, it can lead to the following:
A Loss of Customers
The departing employees may have used the company's proprietary data to mislead customers or transferred or sold the valuable data to the competition or a third party. And suppose the sensitive data was modified or corrupted by departing employees. In that case, there is a possibility that your customers would lose faith in you — eventually leading to the deterioration of the relationship.
Loss of Regulatory Data
Regulatory compliances are of particular importance. When the departing employees take data subject to regulatory compliance, it can lead to the company incurring penalties and a damaged reputation, as well as a setback to the business.
Loss of Competitive Edge
Of course, an advantage obtained by your competition (through ex-employees) gives them leverage to conquer your market share. They can enter the market using your infrastructure, trade secrets, and misappropriated customer data.
The administrative costs associated with rectifying actual or potential losses and reinstating critical controls for minimising the damage will surely add up.
No doubt, then, that 74% of the employers report having been harmed by the breach carried out by a departing or ex-employee.
What Can Be Done to Avoid This from Happening?
The best way to prevent this is to have clear governance and policies in place to deal with such cases. These policies, in tandem with technological interventions, should serve as a deterrent for such incidences. To that end, let's take a deep dive into the actions one can take to secure and protect the organisation from these threats.
Understanding the Possible Reasons
Unauthorised data access practised by ex-employees could be attributed to a variety of reasons. For instance, it can be purely malicious - employees might desire to settle scores with their employers or vengefully damage their reputations. On the other, it can be totally unintentional, with employees having no idea (or awareness) about the fact that they are breaching the policies set by the organisations. Given the vast differences in these reasons, the cause has to be identified and addressed so that the corresponding measures can be drawn.
And what could the possible measures be? That's what the policies set the tone for. It's important, though, that the policies provide end-to-end coverage - i.e. when employees are working within the company, when they are departing, when they have been fired, and when they're working with another organisation. Clearly, this cannot be achieved with a single policy. Integration of multiple such policies is the answer. Besides, the policies should be thoughtfully drafted to serve their purpose better.
Here's a checklist to ensure that all the stakeholders (especially the ex-employees) are entirely comfortable with the stipulations of the policies.
Ensure that the policies are well-written and clearly outline the necessary requirements
Ensure that all the policies have been communicated to all the employees.
Make sure that in case of violations, the actionable course of action has been clearly laid out.
Clearly state on what grounds, for what reasons, and for what duration of time the policies can be enforced by the organisations.
Clearly spell out a timeline for the employees to adhere to the policies.
Make sure the identification and verification guidelines are well-defined.
Weave in the use of technological interventions (like control systems) to further secure the organisation and its data.
Initiatives started by organisations can help in their own way, but a far-reaching solution is technology. Implementing monitoring systems - the latest addition to the arsenal of tools - can help restore data and files that have been compromised by departing or ex-employees. Here's a more profound look at how one can defeat the incursions.
a. Implementing Control Systems
Control systems, in the technical realm, can be described as tools that help in the day-to-day monitoring of data. They encompass a multitude of security mechanisms created to secure information and prevent dangerous or malicious activities.
For instance, Clever Control's employee monitoring solution offers capabilities like keylogging, screenshots and visual reporting, internet usage tracking, social media and IM tracking, application monitoring, printer tasks tracking, external storage device tracking, etc. Such capabilities can help inhibit sensitive information from being accessed and harmful updates from being propagated.
Favourably, the solutions' prowess doesn't end here. For instance, control systems can come in handy for work time tracking where clock-ins and clock-outs, inactivity time, attendance, productivity, etc., can all be monitored. This is exceptionally beneficial in the hybrid and remote work culture era since these systems can facilitate remote access to employees' systems.
b. Adopting a Unified Content Management System
A Content Management System (CMS) allows for capturing, storing, categorising, viewing and allowing access to the organisation's content assets. It is a system that helps all employees - across platforms and in all departments - to work with the same format and storage mechanism without the fear of losing crucial content. Particular attention, however, should be given to the fact that decision-makers are in control of access to sensitive information. This makes data theft, accidental or intentional, a thing of the past.
While adopting a CMS solution, the focus should be on simplicity, robustness and security. When integrated with a control system, these systems can facilitate smooth content distribution, protect confidential information, address data loss and recover lost data. As such, with the implementation of such a system, the organisation can be prevented from the damage caused by aforementioned incursions.
c. Preferring Virtual Desktops
When the data isn't stored locally on the employees' devices, it's easier for the organisation to protect it. Virtual Desktops do exactly that - they facilitate collaboration, access and control of the data while remaining physically isolated. Such a secure environment helps in fighting the post-acquisition situation, where data would have been compromised unless a proper plan is devised and implemented.
Plus, the advent of Virtual Desktops bodes well with the proliferating BYOD culture amid hybrid and remote work environments. Therefore, they should be deployed at the time of onboarding.
While policies, control systems, CMS and Virtual Desktops are meant to help in fighting ex-employees (mostly the culprits), physical measures like custody of the devices and files are what can help in preventing their infiltration into the organisation. These measures can be comprehensively covered in the above-mentioned policy drafting plan.
In a Nutshell
Updating the existing safeguards and policies is one of the safest ways to prevent ex-employees from silently taking control of sensitive information. The implementation of controls and measures at every level is crucial for preventing data loss, securing networks and protecting the identities of the users.
Altogether, organisations must be diligent in clearly defining the parameters on how departing or ex-employees can be handled. They can also be innovative in their approach by integrating contemporary tools and control systems for end-point monitoring.
The measures detailed above must be ideally converted into actionable policies that make these provisions very clear for everyone. This gives a sense of accountability to everyone who is aware of the provisions whilst also enabling them to follow them. As a result, even the natural inclination to take a copy of an organisation's information can be discouraged.