A key part of employment – particularly in a good economy – is that employees leave employers on a regular basis. According to data from the US Department of Labor, mean turnover among US-based employees in 2016 was 23.8 percent. That means in an organization of 1,000 people, nearly one-quarter of them will quit or otherwise be terminated during a year’s time, or about 20 people per month.
How do employers ensure that departing employees don’t take important data assets with them when they leave? The answer, it turns out, is that they don’t protect against this eventuality. Our research found that for many organizations, information governance policies, practices and technologies focused on data protection are not well implemented, if they are implemented at all. This puts these organizations at significant risk from employees who either quit or are terminated involuntarily and take with them key data assets, such as customer lists, trade secrets, financial projections, or various types of intellectual property.
Here’s what we found in a recent survey:
- In only 48 percent of organizations can HR data be relied upon to determine when someone is going to leave a company.
- Only 33 percent of organizations are sure they can detect if an employee that has left the company is still using their access to corporate data.
- In only 16 percent of organizations does HR take the lead in ensuring that access to data sources, devices, accounts, etc. is disabled for departing employees.
- Only 24 percent of organizations know when third parties stop working on their systems and data, and only 12 percent know if employees or third parties are sharing access to data through the same account, bypassing any terminations processes.
There are several processes and technologies that organizations can implement that will enable them to gain visibility and retain control over their sensitive and confidential data assets, while assuring that employees are not leaving with these assets. There are a number of technologies that can be implemented to protect corporate data from exfiltration by departing employees, but a governance-based model for user lifecycle management and access management can provide organizations with a high degree of assurance that only the right employees have the right access to corporate data at the right time.
For more information about these issues, please feel free to download our white paper, Protecting Corporate Data When Employees Leave Your Company.