Tips for Protecting Your Data When Letting Go of Remote Employees
Remote positions make it easier to hire the talent your company needs to succeed. Unfortunately, managing remote employees comes with its own set of challenges. One such challenge involves protecting company data when laying off employees working from home. As digital forensics experts, we’ve handled dozens of cases involving the misuse of company information and know what it takes to avoid sensitive data falling into the wrong hands. Employers should follow these guidelines to protect their company’s data when letting remote workers go.
Be Proactive & Have a Plan in Place
Employers should plan for the day when employees leave the moment they are hired. It’s better to be proactive than reactive when company data is at stake. Establish policies regarding company data and how it should be protected and secured. Ensure every employee — remote or in the office — signs an agreement acknowledging they are aware of these policies and understand what’s expected of them. For example, they should know that the data should not be shared during or after employment and that the company has the right to clear company data from personal devices.
Use a Questionnaire or Exit Interview to Find Out Where Company Data Was Stored
Upon the employee’s departure, companies should have them fill out a questionnaire or participate in an exit interview to determine where they may have stored company data. They should also make sure they include a section dedicated to retrieving passwords for encrypted files and systems. Finally, it’s essential to have the employee sign a statement saying that they did not take any data from the company and that all organization-owned devices were returned.
Revoke Access to Company-Owned Systems & Equipment
On the remote employee’s last day, employers should disable that worker’s accounts and revoke access to company systems, third-party resources, and password managers. By doing so, they ensure the employee who was laid off does not have unauthorized access to files, software, or emails owned by the company. Additionally, the employee should ship back any company-owned devices, including laptops, mobile devices, and external hard drives, by a specified date.
Hold On to Returned Devices Before Reissuing
It’s best practice to hold on to returned devices for three months after an employee working remotely is let go or leaves. This holding period gives employers plenty of time to determine if they will need to forensically image the data for an investigation or legal matter. Most often, employee theft and other inappropriate behavior present themselves well before the end of the 90 days. If the person let go was a senior executive or another high-performing employee, it’s a good idea to forensically image the devices before reissuing them even after 90 days.
Perform a Forensic Audit if Necessary
If the company suspects an incidence of data theft, harassment, or any other form of criminal conduct, a forensic audit of the departed employee’s data is necessary. Digital forensics investigations can uncover a host of valuable information, including incriminating files, deleted documents, information about how and when data was transferred, and whether malicious software was added. No matter the employer’s suspicions, an employee’s data can be collected during a criminal investigation to support the employer’s litigation case.
Request the Help of Digital Forensics Experts for Investigations
When letting go of remote employees, protecting your company’s data is essential. If you suspect a data breach or another unsavory act, turn to the experts at Cornerstone Discovery. We offer eDiscovery services throughout Montgomery County and the surrounding areas and can help uncover potential evidence for your criminal case or regulatory matter. Contact us today to begin discussing strategies for strengthening your case and protecting your company data.