An Unhappy Ex-Employee Can Threaten Your Data Security 14:39, May 18, 2017

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Our Resources

An Unhappy Ex-Employee Can Threaten Your Data Security

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

We’ve written before about how a company’s data security can be compromised by employees, whether through insider negligence or through unauthorized sharing of files. But an ex-employee who is fired, or who leaves under less than favorable circumstances, can also wreak havoc with your data on the way out the door.

One case in May 2017 illustrates how damaging a theft of data by an ex-employee can be. A patrol officer at a security company resigned after being caught falsifying timekeeping records. He had illegally obtained a username and password and discovered that he could access the company’s payroll system remotely from his patrol car, and he started racking up many overtime hours by logging four hours of time for every one-hour lunch period.

After he left, he hacked the security company’s website, stole proprietary software to use in a security company that he was developing, and used the company’s files to poach clients away from his former employer.

A court found him guilty and awarded the security company over $318,600 worth of damages relating to overpayments to the ex-employee, the cost of other employees’ time to rebuild databases and files, lost income from customers who were poached away, and the cost of replacing hardware, among other costs.

Data Security Precautions for Current Employees

Employers should remember to take precautions to protect their data even from current employees. Not only can failure to protect data be an unfair practice under the Federal Trade Commission Act, but employees will have a harder time stealing information that they don’t have access to before they leave. Employees’ access to data should be limited so that they have access only to the information that they legitimately need to perform their jobs. Remote access should be limited when possible.  

Termination Process

Employers should have a termination process that includes monitoring their systems when an employee’s termination is negative. Even when a separation is mutually agreeable, employers should change passwords and deactivate accounts. Although employees sometimes do steal confidential information to start a competing business, that’s not the general rule. It’s not unheard of for employees to break away amicably and start their own companies. Instead of assuming that an ex-employee is out to steal something, employers can do themselves a favor by emulating the attitude of Fortune’s David Galloreese, who writes that “There’s no such thing as an ex-employee.”

Galloreese reminds employers that an ex-employee “can be an ambassador (much like a customer) that sings your good praises and refers you job candidates; they could become an actual customer, or they might even come back to work for you someday.” Employers who take actions like supporting their current employees, and conducting serious and respectful exit interviews when employees leave, are creating “a framework for a permanent change in how employees are treated by your company as they move on.”

LawRoom (powered by EverFi) delivers online training to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, LawRoom delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

You might also be interested in...

  • Don’t “WannaCry”? Take Charge & Raise Cybersecurity AwarenessJune 1, 2017 Don’t “WannaCry”? Take Charge & Raise Cybersecurity Awareness If even the National Security Administration (N.S.A.) can have its secrets stolen and exploited, what about private companies that have profit (not data security and intelligence) as their prime directive? According to the New York Times, cybercriminals turned stolen N.S.A. hacking tools […] Posted in data security
  • Protecting Humans From Data Security AttacksMay 10, 2017 Protecting Humans From Data Security Attacks Metrics and narratives are all the rage in compliance. Metrics allow companies to benchmark and measure compliance program effectiveness, business risk, and, increasingly, employee behavior. And adult learning research shows that narratives are an effective way to teach adults new […] Posted in data security
Christine Day
Christine Day is a legal editor at EverFi. She writes about employment law issues and tracks case law and legislative and regulatory updates. Before joining EverFi she worked in legal publishing, researching and writing about tax law, business law, and employment law. She earned her JD from the University of San Diego Law School and her BA from the University of Southern California.

Leave a Reply

Leave a Reply

White Paper
Data Security training
for employees

  |   Download White Paper


Compliance Course Catalog
  |   Download Catalog