Who still has access? 3 security steps to manage employee/contractor turnover
Welcome to Day 12 of Business Self-Defense from Microsoft Canada. Today, we focus on turnover and what you need to do when someone, like an employee or contractor, leaves your company. Here are three security steps you need to take to deal with employee/contractor turnover to protect everyone’s interests.
At the risk of stating the obvious, don’t rely on the goodwill of former employees and contractors. When someone leaves, make sure you promptly cut off their access to your apps, data, and network, and redirect their email.
Not every breach is a hack or a virus. Just having someone access your organization’s apps and data without authorization represents a breach—and a very serious one at that. A malicious former team member with ongoing/undetected access to your network can wreak all kinds of havoc in a matter of seconds. They can snoop, steal, and delete!
You can change the lock or the security code, but what about your digital security? Can you say with certainty that no former employee or vendor still has access to your network? Time to find out!
The unfortunate reality
Case in point: Ponemon found that almost 60% of terminated employees admitted to taking confidential data prior to going. Whoa! It stands to reason that a business should protect against this risk and implement an “early warning system” to identify any breaches that may occur, or better yet—preempt them.
Clean house! When you move to modern, identity-driven security, take the opportunity to boot out any unwanted/out-of-date “guests.”
Step 1: Embrace identity-based security
Modern security is about making information available to those who need it and keeping out those who don’t. Identify who needs to know what and grant access accordingly. It’s not disrespectful to restrict access. It’s just good business. Treat it that way. If employees ask you for an explanation, let them know access has everything to do with roles and responsibilities. It’s practical, not personal.
Transparency is wonderful, but employees with unrestricted file access can uncover very sensitive/disruptive information, like salaries and HR reviews.
Step 2: Leverage modern services
Technology has come a long way, fast—including security advancements. Instead of taking a do-it-yourself approach to security (or simply not worrying about it at all), leverage modern services in the Microsoft Cloud instead. You can improve your security overnight by taking advantage of some modern concepts:
99.9% uptime guarantee -> the financially-backed uptime guarantee offered in the Microsoft Cloud, made possible through a global network of datacentres
Multifactor authentication -> a practice that’s flexible enough to empower your people to work across devices without compromising your network security
File-level security controls -> controls, like those in Office 365, that restrict access to files and/or prevent them from being shared, accidentally or otherwise
Remote device wiping -> controls that allow an administrator to remotely wipe a device (like a phone or a tablet), if/when it gets lost, broken, or stolen
Disaster recovery -> a plan to keep your organization running without disruption in the event of a catastrophic event, like a natural disaster
Layered security -> an approach to security that addresses every “layer” of security, from physical right down to the application and user layers
Step 3: Establish clear & concise policies
Nobody likes red tape, but employees need clear and concise security policies to follow, including how to report potential breaches, which will soon be required under Canadian law. If an employee complains about too many policies, take the time to explain the risks, such as fines, reputational damage, and worse.
Help is always at hand
Microsoft has a solution provider network of over 10,000 organizations across Canada. These highly-trained and certified experts can assess and improve your IT security. If you don’t work with a Microsoft partner already, you can find one using this online tool.
Summary
When an employee or contractor leaves, it’s easy to overlook their access to digital assets, like files and applications. Don’t! Protect your data, apps, trade secrets, and other sensitive information by adopting an identity-driven security approach that leverages current security best practices. Control access based on roles and responsibilities, then provide your employees with clear and concise policies to follow going forward.
Learn more
Weak links in your chain of security defenses—no matter how small—leave your company open to costly breaches. The Identify Weak Links in your Security web experience explores the most common sources of leaks, what they mean for your business, and how you can better protect your network.