Data loss prevention in staff turnover

4 Aug 2017 Richard McBarnet
Whilst your people are your greatest asset, they are also your biggest risk to data security. And it is when a member of staff leaves that your company will face one of its biggest risks to data security. Leaving aside the malicious employees who deliberately set out to cause mischief, even well-intentioned members of staff can be the unwitting cause of the loss of data.

Because many employees are willing to work at home in the evenings, or when they’re on the move, they will have downloaded company data onto their phone, laptop, tablet etc, or perhaps emailed data to their personal address. When that employee leaves your employment, it is likely that they will still have the information on their personal devices. The only way you can be 100% certain they can’t take that data away with them is to ask them to wipe all the information on all their devices… but the likelihood of this actually happening is pretty much zero.

You can obviously ask them to return company-owned phones and computers, but there’s no guarantee the employee hasn’t downloaded data onto another device, or onto the Cloud or via Dropbox etc. So any actions you take at this point will be basically shutting the stable door after the horse has bolted.

Preventing future loss

Software companies have developed programmes that can help companies keep control of their data at the same time as affording employees the freedom to work where they choose. Unfortunately, until recently, these have mostly been slow, clunky, expensive, and not necessarily effective. However, the complexities and challenges are being ironed out and it won’t be long before they come down enough in price, and become easy enough to deploy, to be viable. We expect that over the next 18 months or so, they will be brought into common use.

Corporate vaults

The basic model is that you would ask your employees to download an agent or app onto each of their personal devices, which will create a secure encrypted storage location or ‘vault’. Policies set by the business will then ensure that any data accessed from corporate email accounts can only be stored in the vault, thus ensuring it remains in a single encrypted location and cannot be uploaded to a third-party storage platform. So when the employee leaves the company, you can simply deactivate their account and they will no longer have access to the vault or your systems.

As all of the passwords will be controlled centrally by an administrator, it will be a very simple process to revoke access to the vault when someone leaves the company. Permissions are automatically checked on a regular basis and if your server, for whatever reason, cannot check in with a device, it will automatically deny access.
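The deny-by-default check-in described above, sketched as an added example (it is not code from any vault product or from Lumina). The `VaultGate` class, the 24-hour offline window, the device-side placement of the check and the sample account are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy value: how long a device may go without a confirmed check-in.
MAX_OFFLINE = timedelta(hours=24)


class DirectoryUnreachable(Exception):
    """The central server could not be contacted."""


@dataclass
class VaultGate:
    """Hypothetical device-side gate deciding whether the vault may be opened."""
    user: str
    last_confirmed: Optional[datetime] = None  # last time the server said "active"

    def check_in(self, lookup, now):
        """Ask the server for the account state; only a positive answer counts."""
        try:
            active = lookup(self.user)
        except DirectoryUnreachable:
            return  # no answer: keep the old timestamp and let it age out
        self.last_confirmed = now if active else None  # deactivated: lock at once

    def may_open(self, now):
        """Fail closed: access needs a recent positive confirmation."""
        if self.last_confirmed is None:
            return False
        return now - self.last_confirmed <= MAX_OFFLINE


def run_constructed_scenario():
    """Constructed timeline: (hours since start, what the server answers)."""
    def active(_user): return True
    def revoked(_user): return False
    def down(_user): raise DirectoryUnreachable()

    start = datetime(2017, 8, 4, 9, 0, tzinfo=timezone.utc)
    gate = VaultGate("leaver@example.com")  # constructed account name
    decisions = []
    for hours, lookup in [(0, active), (12, down), (25, down), (26, active), (27, revoked)]:
        now = start + timedelta(hours=hours)
        gate.check_in(lookup, now)
        decisions.append(gate.may_open(now))
    return decisions


if __name__ == "__main__":
    print(run_constructed_scenario())
```

A short outage is tolerated, a long one locks the vault, and a deactivated account locks it immediately regardless of the window.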

What do we do?

When a staff member leaves Lumina, we revoke access permissions for every account they had access to. We have a software tool that allows them access to systems without revealing passwords. When they leave, it is therefore straightforward for us to revoke access to our credentials management tool and, in turn, all the associated accounts stored within it.

With good data loss prevention measures in place, you can stay in control and minimise accidental and malicious losses. If you would like to improve your current data loss prevention strategies, contact us to discuss it further.

