How else can employees unintentionally be sharing a company’s data?
LinkedIn and Facebook profiles can become virtual resumes, on which potential employers can seek out information to see if your employees are a fit for their company. Your employees may be unintentionally using proprietary information, such as department accomplishments, strategic plans, marketing strategies and results, to build their profiles. They are openly sharing these achievements, but at the same time, they could be disclosing to competitors how you do business.
This is tougher to avoid, because fewer companies have developed comprehensive procedures for how social media networks can and should be used by their employees.
How can companies protect themselves from theft of data by departing employees?
The main way is by developing and adhering to policy and through the use of technology. First, you have to realize this is a serious matter and that it really does pose a problem to the company. You have to be willing to devote resources to increasing your security and to outlining the critical issues in your business and focus on those first.
Tighten and/or limit access to data before a layoff or when someone is let go. As soon as people are let go, make sure there is a systematic way to shut down any access that those people had.
Then, look at separation agreements. When you hire people, do you have a statement of what the confidential information is? Do you have exit interviews? Employers should create a list of what employees can and can’t share: ‘Here is what we see as proprietary information. You signed this agreement, and here is a list of things we will and will not allow.’
If people want to commit a crime, whether or not you have a policy or procedure in place, they will find a way. But for the majority of people who take information without the intent of harming their former employer, reminding them of that agreement during the exit interview can stop them from taking your proprietary data.
You also have to have consequences in place. Management must understand the threat. If sharing information could be extremely detrimental to the company’s success, there have to be legitimate consequences. You have to be willing to step out there and tell the violators that they crossed the line, and either remove their access or let them go.
People have to know their violations will be enforced. If not, they will realize it is business as usual and no big deal.
Jonathan Theders, CRA, is president of Clark-Theders Insurance Agency Inc. Reach him at (513) 779-2800 or [email protected].
