The United States is continuing to undergo a workforce transformation. In fact, over 19 million U.S. workers have quit their jobs since April 2021. In 2021 alone, 4 million people left their jobs, on average. In March 2022 there were 11.5 million job openings in the U.S. It is a common challenge for organizations to ensure that employee departures don’t put the organization’s data at risk.
Whether in the office or remote, today’s employees have a tremendous amount of data at their fingertips, such as:
- HR information and employee data
- Proprietary business information
- Access to information stored in various technology systems
Is the degree of risk big enough to worry over? Yes. 76% of IT leaders feel the offboarding process poses a risk to their organization.
Potential Risk: Employee departures and data exposure
When an employee departs a business, it can oftentimes leave personnel data and proprietary business information at risk of exposure. Did you know that 60% of people in a recent survey claimed that they used data from a previous job to help with their current role? Additionally, 71% of companies surveyed didn’t know how much sensitive data an employee takes with them when they depart.
Here are two examples to help you better understand the magnitude of the potential risk posed by outgoing employees.
Personnel data: With the increased use of distributed teams and new remote working practices, HR information, and employee data, especially Personal Identifiable Information (PII) has never been more vulnerable. The Department of Homeland Security (DHS) defines PII as any information that permits the identity of an individual to be directly or indirectly inferred, such as names, addresses or payment information. I-9 or W-4 forms include sensitive PII, which includes Social Security numbers, financial or medical records, driver’s license numbers and more. HR, and the bevvy of PII and sensitive employee data they have on file, remain one of the most targeted departments by cybercriminals. The fact that there were 22 billion personal records exposed by data breaches in 2021 further drives this point home.
The theft of personnel data happens more often than you think. One employee that left Florida construction company took with him confidential business information, including company bank statements, employee Social Security numbers, among other data.
Proprietary Business Information: Every business, regardless of industry, whether it is media, architecture, cybersecurity, or healthcare, has its own form of intellectual property and proprietary information that must be protected. This can range from software code and patent applications to customer contracts, engagement data, supply chain and pricing information. In one particularly damaging example, a Yahoo employee stole over 500,000 files of proprietary information upon receiving a job offer from a competitor to Yahoo.
Solution: Revoke access upon employee departure
These examples exist in every organization and are not unique. It is imperative that you protect your data even from your most tenured employees. The world is dynamic and fluid. There are no guarantees that your employees will stay with you their entire careers or that departing employees won’t unintentionally, or intentionally, leak valuable data.
Rather than worry about what happens when you offboard employees, deploy a data protection and rights management solution right from the start. Then when an employee leaves you can immediately revoke access to any data they’ve received.
Utilizing a Data Rights Management solution to manage data within an organization, regardless of size, ensures that this first step is a little simpler to take. These solutions ensure that the permissions for, and access to that data itself, can be revoked immediately at any time to keep it from falling into the wrong hands.
With EB Control, fears of offboarding employees mishandling company data is a thing of the past because EB Control lets you decide who accesses your data, when, where and how it’s accessed. When an employee leaves your business, you can quickly revoke access to that data. Keeping your company’s data in your hands, forever.