Article main image
Sep 28, 2016

Terminating employees is never a fun task for HR, but it’s sometimes a necessary function that must be handled properly. Ensuring the organization’s sensitive information remains secure even as internal personnel are let go is a vital part of that function and one that puts HR on the front lines of data privacy efforts. The risks posed by insider threats, such as a disgruntled former staffer with access to the network and other sensitive information, can be greatly reduced with HR’s help through a strategy that marries thoughtful pre-planning with targeted post-termination duties.

Being proactive is crucial

The HR team can begin protecting the organization’s information long before an insider threat arises. Recruitment and staffing professionals should be working with hiring managers to ensure that job responsibilities for each position include data access requirements and authorizations. With this information, IT can quickly flag any access requests that are outside normal parameters. This reduces the risk that an employee may be granted login credentials that are too permissive, or that “accidental” intrusions into protected data might go unnoticed.

As employees are promoted, transferred to other departments or relocated to field or branch offices — moves that often trigger a change in their need to access confidential data — HR must work with the IT and security teams to facilitate the appropriate updates to each worker’s login rights. These job duty transitions aren’t always well communicated across the various support departments and managers often don’t think about the nuts and bolts until the last minute.

HR may choose to take the lead in an effort to ensure that good security practices are an integral part of the process.

Professionals on the HR team are also perfectly positioned to spot suspicious employee behavior that may point to bubbling discontentment. As representatives work through performance or other issues with managers, they should be on the lookout for indicators that an employee harbors a desire to seek revenge or inflict harm on the organization or their fellow staff members. This is especially true during downsizing efforts, which have the potential to create deep resentment among staff. If even a low-level but credible threat exists against the company’s data or network assets, it may be prudent to proactively restrict an employee’s access to sensitive information.

Closing the gaps upon termination

When an employee is let go, particularly when the termination is contentious, it’s crucial that HR work closely with IT to close any security gaps. If strong communication channels don’t already exist, now is the time to build and nurture them. Security groups, including departments that oversee physical access to company buildings and computers, should be kept in the loop when a termination occurs, with discreet notification provided in advance when appropriate. These teams can then begin shutting down access to the organization’s network and other access or connection points as soon as possible.

Contact outside vendors

While IT limits the pathways a former employee may leverage to get into the network, HR should focus on removing access from other directions. Contact any vendors that support the company’s systems or use their own logins while onsite, and ensure they’re aware the terminated worker is no longer authorized to make connection requests or to access the organization’s data. These third-party partners may range from cloud storage providers to off-site archival vendors. If the former employee worked in a group with significant data access privileges, expand the net further to include payroll processing partners and others with high-level internal connections.

Working with the former employee’s manager is another key step in securing protected information. It’s important to maintain the individual’s privacy, of course, but their fellow staff members may know of unofficial channels commonly used to access information that might still be available to the terminated worker. These could include remote-access applications maintained by a vendor, or records that the person is known to have routinely taken home for off-hours work. This investigative process can begin with the former worker’s supervisor and branch out to other employees as appropriate.

Implemented as a holistic program, these proactive and reactive efforts will help HR address insider threats and protect the company’s information against a breach.