In my last post, I wrote about the risks facing businesses when there is a departing employee. It can be fairly argued that in the next 3 years your average business will have to deal with a disgruntled, departing employee. The employee will have had access to confidential information in digital form. Studies have shown that greater than 50% of disgruntled employees and 90% of IT employees will take something. So what can a business do to protect itself from theft of clients, confidential information, and trade secrets? Here are a few tips:
1.Strong Contracts. I often say that Legal Zoom = courtroom doom. Many folks go to online websites to get cheap, low cost non-compete or confidentiality agreements. There are circumstances where you can get a decent contract that will help your business from these online sites. However, too many times I have reviewed the low cost, canned contract of a client and found significant problems with the contract. If you want to have a contract that will have a better chance of standing up in court, you are best served by hiring an attorney well versed in these areas. Relying on a form contract from a website is not recommended.
2.Strong Policies. Any workplace policy should include strong electronic monitoring policies prominently posted in break rooms and in the employee handbook. Ideally, the policy will spell out that the company can and will monitor the company owned computers and all communications and information stored on them. You also want to have strong password policies, auditing of file access, and guards against deletion. You also should seek to have visibility by your IT department for all activities on work networks.
3. Intake Checklists. Upon employee intake, your business will want to have a checklist that documents all the necessary items covering confidential information. You will want to document all the devices issued to the employee, review the details of the contract (non-compete or non disclosure), and review all policies of electronic monitoring.
4. Internal Procedures. Essentially, what a business needs to have is an enterprise fraud management plan. This would include security related technologies for the electronic information and data stored by the company. You will want to include mobile device management. Your plan will want to classify data and restrict access based on the classifications. Your plan will want to include auditing and tracking of data.
5. IT Security Checklist. This is a checklist designed for the IT department when an employee departs. This will include shutting down access to the former employee immediately. The list should also include an inventory of the employee devices, evidence preservation, and possible involvement of a forensics expert. There should always be a concern about possible spoliation of evidence when attempting to preserve, inspect, or copy electronic data. Early involvement of an expert in computer forensics is recommended.
6. Strong Exit Interview. A good exit interview can go a long way towards understanding if the departing employee is a risk for theft or use of confidential information.
7. Severance. To give or not to give? A fair severance agreement can be used to create ongoing and continuing obligations for the departing employee with respect to confidential information or intellectual property. Also, if you failed to have a good contract in place during employment, a severance agreement is a good way to correct previous mistakes in the employment contract. Further, in some circumstances, a fair severance agreement can reduce the level of hostilities and thereby reduce post employment risks.