Minimizing Risk in Separation of Employment


We are living in an age of unprecedented layoffs, work stoppages, downsizing, and general unemployment. I frequently call out weak corporate termination policies/protocols during discovery health assessments. Separation is a complicated process with many players, many data sources and heightened emotions. Most people hate confrontations or making a scene. Any fuzziness in your separation protocols may result in former employees walking away with corporate data on their BYOD phones or in the loss of critical data. Have you reviewed or updated your separation protocols to accommodate the surge of employees working remotely, taking early retirement or being let go?

I was updating one of my risk assessment tools for a remote engagement and decided to publish the generic version here. My usual process is to interview the primary stakeholders (HR, Legal, IT, Security, Compliance), review existing policies/protocols, build a decision workflow of their current process and then conduct an interactive session where we fix gaps and get consensus on what should happen in different scenarios. It always sounds simple until we start wrestling with executive exceptions, global contractors, home offices and more.

Seriously, the biggest hurdle seems to be how to handle BYOD phones. This needs to be thought out before employees register their phones and start to synchronize their communications, credentials and more on them. Android phones have supported separate work/personal profiles since the Android 5.0 release. The last time I checked, Apple was opting for a combination of multiple profiles and managed apps. Many MDM or MAM systems promise to segregate corporate data and wipe it remotely. In practice, I rarely see employees trained and supported to accomplish this. Even if they have a separate work phone number registered to their iPhone, users tend to adopt and abandon every new messaging app faster than IT can get them certified for work use. Sometimes I feel like the messaging teams are playing Yammer/Jabber whack-a-mole. All of this makes seizing, copying or wiping an employee’s phone especially nerve-wracking. Did you wipe out their departed spouse’s last voicemail? Did you let them leave with pictures of your latest strategy presentations? My better practice includes clear/firm policies, practical protocols, checklists, employee acknowledgements, etc.

Written by Greg Buckles

Independent consultant focused on eDiscovery and IG solutions.
