In a recent national study, Biscom found that more than one in four employees take company data with them when they leave their job. Although it is usually taken unintentionally, unprotected company information can create a huge security threat. Biscom’s CEO Bill Ho shared some helpful tips to minimize the amount of data leaving your company.
- Establish clear employee policies on handling company data and information
- Make it known that all information, documents, and data created by the employee, or any other employee, are considered company property.
- Incorporate data ownership and handling policies into employee agreements
- Help employees understand policies from Day 1 by adding them into offer letters and company forms.
- Add data protection and security discussions to new employee orientation and training
- This is a good time to communicate policies such as using personal devices to access and complete company tasks, and using consumer versions of file sharing and collaboration tools.
- Understand how to recognize an attack or social engineering ploy
- Knowing when and how to cancel accounts, block access and deny permissions will be key in protecting company data from internal threats.
- Encourage reporting of suspicious activity
- Teach employees basic tips on phishing schemes and how to speak up if they suspect an internal threat.
- Train on best practices continuously and often — practice makes perfect
- Hold quarterly meetings on data prevention with all employees.
- Establish data classification and access permissions – limit access to those who need it, e.g. using the principle of least privilege
- Limit control starting with employees who don’t need total access and only give permission to information employees need. Keeping a spreadsheet that lists every employee’s access, tools and apps, can help you monitor and cancel accounts based on roles and if needed, departures.
- Create a response plan and practice it
- Have the mindset of “when” instead of “if”. Having an emergency response plan (EAP) and procedures in place will establish a clear guide on what to do in the event of an attack.