New to HR? Templates, tools and development to make you a seasoned pro in no time.
Shawn Premer shows how doing the right thing for employees leads to positive business results.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
To prevent data breaches, HR and IT need to work in tandem when offboarding employees
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Shortly after she was fired from her job at the City of New Haven recently, a Connecticut woman reportedly snuck back into her former office, copied data onto her personal thumb drive and erased the private health records of 587 people from a government database.
This happened years after an employee terminated from Omega Engineering Inc. deleted all of the company's programs, which cost the Bridgeport, N.J., organization $10 million in contracts and sales.
In this digital age, where data breaches happen mostly online, these examples serve as reminders to HR professionals why policies should be in place to safeguard data not just physically but also virtually.
In the newly released 2017 Cost of Data Breach Study, conducted by IBM Security and the Ponemon Institute, malicious insiders or criminals caused 47 percent of all breaches. "The average cost per record to resolve such an attack was $156," the report revealed. "In contrast, system glitches cost $128 per record and human error or negligence is $126 per record."
Despite this, fewer than half of in-house counsel (45 percent) said their organizations require employees to take training on how to prevent cybersecurity breaches, according to the Association of Corporate Counsel (ACC) Foundation.
"HR has a tremendous opportunity" to educate employees about good cybersecurity habits, said Amar Sarwal, vice president and chief legal strategist for the ACC, in an interview with SHRM Online.
That includes providing guidance about both online and offline behavior, experts said.
"You have to have the right governance in place to make sure [departing employees] can't get into" computer files, said Alvaro Hoyas, chief information security officer at One Login, an identity and access management software company based in San Francisco.
"The challenge is that there are so many places where access is granted to an individual in every company. It's a bigger problem now," he told SHRM Online in a phone interview. And Hoyas' warning doesn't apply just to disgruntled employees who can physically enter an office to commit crimes against a former employer.
"We need to move beyond having a key card or simply taking away people's keys," Hoyas added. "That's not effective nowadays because we have a very mobile workforce." Employees use mobile phones, work remotely on laptops, and log in to company systems from their own computers through shared drives or the cloud.
"You need to manage your employees wherever they exist and wherever they log in from," he said. "Users log in from home, from their office and they can log into apps and e-mails from their own devices. Most of the time companies aren't paying for people's cellphones," he pointed out.
Employers should keep that in mind when an employee leaves and they must cut off access to his or her computer, Hoyas said.
[SHRM members-only HR Q&A: Much of our employee data is now electronic and is accessible via the Internet and mobile devices. What are some best practice approaches to safeguard this information?]
Offboarding Best Practices
The first step, he and other experts said, is to know what employees have access to. That information should be available before an employee's access to computer systems is terminated.
Other steps include:
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Talent Attraction Study: What Matters to the Modern Candidate
CA Resources at Your Fingertips
SHRM’s HR Vendor Directory contains over 3,200 companies