[This post is the fifteenth in a series. The original post can be found here.]
People inside your office have the greatest knowledge of your systems and where the important data is located. Many of the largest and most damaging cyber breaches have been caused by rogue or soon-to-be-departing employees. You should take steps to reduce the likelihood that a cyber breach will be caused by someone inside your office.
When hiring a new employee, make sure you are diligent. Carefully check their background and speak to references. Look for any red flags on an application letter or résumé, and watch for issues during the interview process. Watch for someone who is withholding relevant information, or who has falsified information on the application.
Assess the overall integrity and trustworthiness of the candidate. Consider doing police and credit checks (after obtaining consent) as persons in financial difficulty may be under pressure and become tempted to steal your firm’s financial or information resources. Doing all these things can help you avoid hiring an employee who could be a problem.
When any employee leaves your firm, regardless of whether they are leaving of their own accord or are being terminated, ensure that your systems are protected. Keep a log of any mobile devices held by your staff (e.g., laptops, smartphones, USB drives, etc.) and ensure that they are recovered immediately upon termination. Immediately close all points of access to your office and computer systems, including keys and access cards, login accounts and passwords, email accounts, and − in particular − remote access facilities. If you discharge an employee who has access to critical company data, let them go without warning (you may have to give them a payment in lieu of notice), and don’t allow them any access to a computer after termination.
There are literally dozens of steps you should complete systematically to make sure all points of access for departed employees are closed down. See the practicePRO website for a detailed “Employee departure checklist”.
Dan Pinnington is the Vice President of Claims Prevention at practicePRO. This article first appeared in the December 2013 issue of LawPro magazine. Reprinted with permission. For more cyber safety tips, visit www.lawpro.ca.