Employee turnover could be killing your organization: But not in the way you think.
For most managers, the biggest fear is that you lose key personnel, and have to spend time and money finding a qualified replacement. But the real damage from two-week notices could be from users who leave your organization and take your data with them.
A study by the security firm Symantec shows users’ skewed perceptions of information security. Half of the users surveyed said it’s OK to take data from one job to the next. And many weren’t careful with where the data was stored to begin with.
The survey found:
• 41% of users forward business documents to personal email accounts at least once a week
• the same percentage download work documents to personal tablets or smartphones, and
• 37% use file-sharing apps like DropBox or Google Drive without IT’s permission.
The scariest part of the report was that users flat-out didn’t see the problem with taking documents with them when they leave their jobs. And they didn’t think their IT departments cared, either.
Users who thought it was OK to take data from one job to another believed:
• it doesn’t harm the company (53%)
• IT doesn’t strictly enforce policies anyway, so it doesn’t really matter if they take it (51%), and
• most information is available elsewhere anyway (44%).
Clearly, many users have the wrong idea about intellectual property. In fact 42% believe that whoever creates the data owns it, whether it was done as part of the job or not. The fact is that if your organization created the data, it needs to stay within the company.
Here are three steps you can take to make sure users don’t walk out with your data carelessly.
1. Shore up agreements Look carefully at your company’s nondisclosure and noncompete clauses. Make sure these rules include what is and isn’t acceptable behavior from employees when it comes to intellectual property and data. If you don’t want them storing data on non-company devices or in the cloud, spell it out. Make sure the consequences for violating these policies are strong enough to discourage users from doing so.
2. Conduct IT exit interviews Talk with users who are about to leave your company. Ask what apps or tools they used to help them do their jobs and how helpful they were. These interviews:
• give you an idea of what kinds of tools users want available, and
• let you know if a user has copies of their data outside your systems. So, if they’ve been storing information in a cloud account, IT can tell them it must be deleted before they leave the company. This is a nonconfrontational way to make sure your data and intellectual property stay in-house.
3. Try technical solutions. Data loss prevention software can notify your IT people of leaks in real-time. These programs detect data going outside the company from users or malware. While these programs can be helpful to find problems, preventing the leak in the first place – by addressing user behavior – is usually a better bet for protection.
