Get access to the exclusive HR Resources you need to succeed in 2018!
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
To prevent data breaches, HR and IT need to work in tandem when offboarding employees
Shortly after she was fired from her job at the City of New Haven recently, a Connecticut woman reportedly snuck back into her former office, copied data onto her personal thumb drive and erased the private health records of 587 people from a government database.
This happened years after an employee terminated from Omega Engineering Inc. deleted all of the company's programs, which cost the Bridgeport, N.J., organization $10 million in contracts and sales.
In this digital age, where data breaches happen mostly online, these examples serve as reminders to HR professionals why policies should be in place to safeguard data not just physically but also virtually.
In the newly released 2017 Cost of Data Breach Study, conducted by IBM Security and the Ponemon Institute, malicious insiders or criminals caused 47 percent of all breaches. "The average cost per record to resolve such an attack was $156," the report revealed. "In contrast, system glitches cost $128 per record and human error or negligence is $126 per record."
Despite this, fewer than half of in-house counsel (45 percent) said their organizations require employees to take training on how to prevent cybersecurity breaches, according to the Association of Corporate Counsel (ACC) Foundation.
"HR has a tremendous opportunity" to educate employees about good cybersecurity habits, said Amar Sarwal, vice president and chief legal strategist for the ACC, in an interview with SHRM Online.
That includes providing guidance about both online and offline behavior, experts said.
"You have to have the right governance in place to make sure [departing employees] can't get into" computer files, said Alvaro Hoyas, chief information security officer at One Login, an identity and access management software company based in San Francisco.
"The challenge is that there are so many places where access is granted to an individual in every company. It's a bigger problem now," he told SHRM Online in a phone interview. And Hoyas' warning doesn't apply just to disgruntled employees who can physically enter an office to commit crimes against a former employer.
"We need to move beyond having a key card or simply taking away people's keys," Hoyas added. "That's not effective nowadays because we have a very mobile workforce." Employees use mobile phones, work remotely on laptops, and log in to company systems from their own computers through shared drives or the cloud.
"You need to manage your employees wherever they exist and wherever they log in from," he said. "Users log in from home, from their office and they can log into apps and e-mails from their own devices. Most of the time companies aren't paying for people's cellphones," he pointed out.
Employers should keep that in mind when an employee leaves and they must cut off access to his or her computer, Hoyas said.
[SHRM members-only HR Q&A: Much of our employee data is now electronic and is accessible via the Internet and mobile devices. What are some best practice approaches to safeguard this information?]
Offboarding Best Practices
The first step, he and other experts said, is to know what employees have access to. That information should be available before an employee's access to computer systems is terminated.
Other steps include:
Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Choose from dozens of free webcasts on the most timely HR topics.
SHRM’s HR Vendor Directory contains over 3,200 companies