Offboarding Senior Employees: Reducing Information Security Risks
This article was updated on July 26, 2018.
As industry turnover rates rise, HR leaders may recognize a need to design more effective offboarding processes, particularly for departing senior-level employees. The U.S. Bureau of Labor Statistics (BLS) recently reported that separations are at a three-year high, with a quitting rate of 2.1 percent and a layoff and discharge rate of 1.1 percent.
The ADP National Employment Report has found that "job growth remains strong" in the beginning months of 2016. Increased hiring in nearly all sectors could be driving turnover at organizations of all sizes.
Exit processes that are designed to protect an organization's best interests and industry secrets should be considered especially critical in the technology age. For organizations with flexible workplace policies, bring-your-own-device (BYOD) allowances and cloud-based technologies, removing employee access to protected information isn't simple. HR leaders must work closely with IT and legal counsel to develop comprehensive procedures to protect company interests.
Facilitate Knowledge Transfer
When senior-level employees leave their roles, they often walk away with years of contextually based wisdom. Harvard Business Review (HBR) writes "these are the people who have so much tribal knowledge and are so valuable that they become almost irreplaceable." When separations are employee-initiated and coupled with sufficient notice, capturing knowledge could be critical to maintaining competitive advantage.
HBR recommends using formal apprenticeships and team-based learning as tools to acquire knowledge as an employee's time with an organization draws to a close. Optimally, HR leaders should shift toward a culture of knowledge-sharing and documentation, to ease offboarding procedures when there is less notice given.
Reducing Technical Risks
In order to mitigate the risk of data theft, organizations must develop a checklist in accordance with IT departments, which could prevent the risk of data theft. Entech, a technical services and solutions provider, recommends including the following steps to reduce the risk of trade secret or protected information loss:
- Shut down all work station and cloud accesses
- Change email sign-ins
- Establish protocol and a time line for device return
Simple deletion of employee email accounts may not be sufficient for compliance, particularly given many organizational and regulatory requirements for recorded electronic communications. By designating a consistent procedure and time line for the IT team to change email credentials during the employee departure process, you can lessen the risk of unauthorized access after employee departure.
While email and cloud access are among the most common forms of information theft, HR leaders should implement security procedures to prevent less-obvious forms of theft. Increased employee education, email monitoring and security may be necessary to prevent these actions at your organization.
Educating New Hires
Effective offboarding processes don't begin when an employee or employer initiates a separation process. They should begin during the onboarding process, as a mandatory component of new-hire education. Employee responsibility to protect company data and trade secrets should be a visible part of your employee handbook and educational materials and explained in detail to the new employee. This should include the unambiguous definition of trade secrets within your organization, which the World Intellectual Property Organization defines in general as information shared within the context of confidentiality, information that holds commercial or competitive value, and information protected by the owner.
By establishing guidelines for information security and clear repercussions for employee failure to protect trade secrets, HR leaders can begin preparing to mitigate risks from the first day of an employee's time with an organization. By providing signed information protection contracts when an employee provides notice, HR teams can also reinforce an employee's responsibility to protect information on their way out the door.
Technology has introduced a number of new risks into employee separations and departures from an organization. While trade secret and protected information theft is common, HR leaders can engineer a culture and process to reduce those risks.
