Tips for Protecting Your Data When Letting Go of Remote Employees

Remote positions make it easier to hire the talent your company needs to succeed. Unfortunately, managing remote employees comes with its own set of challenges. One such challenge involves protecting company data when laying off employees working from home. As digital forensics experts, we’ve handled dozens of cases involving the misuse of company information and know what it takes to avoid sensitive data falling into the wrong hands. Employers should follow these guidelines to protect their company’s data when letting remote workers go.

Be Proactive & Have a Plan in Place

Employers should plan for the day when employees leave the moment they are hired. It’s better to be proactive than reactive when company data is at stake. Establish policies regarding company data and how it should be protected and secured. Ensure every employee — remote or in the office — signs an agreement acknowledging they are aware of these policies and understand what’s expected of them. For example, they should know that the data should not be shared during or after employment and that the company has the right to clear company data from personal devices.

Use a Questionnaire or Exit Interview to Find Out Where Company Data Was Stored

Upon the employee’s departure, companies should have them fill out a questionnaire or participate in an exit interview to determine where they may have stored company data. They should also make sure they include a section dedicated to retrieving passwords for encrypted files and systems. Finally, it’s essential to have the employee sign a statement saying that they did not take any data from the company and that all organization-owned devices were returned.

Revoke Access to Company-Owned Systems & Equipment

On the remote employee’s last day, employers should disable that worker’s accounts and revoke access to company systems, third-party resources, and password managers. By doing so, they ensure the employee who was laid off does not have unauthorized access to files, software, or emails owned by the company. Additionally, the employee should ship back any company-owned devices, including laptops, mobile devices, and external hard drives, by a specified date.

Hold On to Returned Devices Before Reissuing

It’s best practice to hold on to returned devices for three months after an employee working remotely is let go or leaves. This holding period gives employers plenty of time to determine if they will need to forensically image the data for an investigation or legal matter. Most often, employee theft and other inappropriate behavior present themselves well before the end of the 90 days. If the person let go was a senior executive or another high-performing employee, it’s a good idea to forensically image the devices before reissuing them even after 90 days.

Perform a Forensic Audit if Necessary

If the company suspects an incidence of data theft, harassment, or any other form of criminal conduct, a forensic audit of the departed employee’s data is necessary. Digital forensics investigations can uncover a host of valuable information, including incriminating files, deleted documents, information about how and when data was transferred, and whether malicious software was added. No matter the employer’s suspicions, an employee’s data can be collected during a criminal investigation to support the employer’s litigation case.

Request the Help of Digital Forensics Experts for Investigations

When letting go of remote employees, protecting your company’s data is essential. If you suspect a data breach or another unsavory act, turn to the experts at Cornerstone Discovery. We offer eDiscovery services throughout Montgomery County and the surrounding areas and can help uncover potential evidence for your criminal case or regulatory matter. Contact us today to begin discussing strategies for strengthening your case and protecting your company data.

Junto

Introducing Junto.

Innovation Meets Design. E-Discovery just got Easier.

From conference room to courtroom, Junto is an innovative e-Discovery web application that provides an easy to use solution for securely reviewing, searching and organizing vast amounts of discovery data. The cloud-based online platform provides Law, Business and Government Agency environments with direct access to information from anywhere in the world. Discover Junto and turn information into powerful results.

LEARN MORE AT JUNTO.NET