As staff levels change, business owners need to make sure they follow all the proper procedures to ensure the safety of their physical and digital assets.
As Samantha Ann Schwartz, reporter for CIO Dive, observes:
Prior to COVID-19, companies had modest levels of remote employees and policies to facilitate onboarding and offboarding. Now, if a company lays off [remote] workers, it has to track their connections to data and which devices they used to access it in order to collect devices....
[This] is usually done with a spreadsheet and it doesn't work out well, especially with a predominantly remote workforce.
Recovering physical and digital assets
Recovering assets is relatively simple for employees in the office, but it's much more complicated when employees are working from home.
"Retrieving managed devices from a remote workforce can be convoluted", Anurag Kahol, CTO and co-founder of Bitglass, told CIO Dive.
Companies have to consider things like:
- Who pays for packing and shipping? Where does it ship to since offices are closed?
- Who will inspect the equipment upon return? If it's returned in a damaged condition, who pays for the repairs?
- How do these costs affect the employee's final paycheck or severance?
These matters are not trivial, and to further complicate matters, in many states, companies are required to send out an employee's final paycheck within days of termination. Companies must be fully prepared in order to execute all these steps within a short window.
Terminating credentials and access
In addition to assets, companies need to ensure credentials and access are also terminated and any corporate data downloaded onto personal system and devices must be purged, especially data containing personal, client or confidential data.
65% of companies allow employees' personal devices to access corporate apps and systems, according to data from Bitglass. Of those companies, less than one-fifth have data loss prevention controls established.
Companies need a process to identify where and how corporate data is accessed, especially sensitive data.
Those places need identification before an employee is terminated. "Otherwise, for months or years after an employee leaves, the company will think that they've taken them out of the system, but they really haven't," said Robb Reck, CISO of Ping Identity.
Without proper governance and oversight, companies risk not knowing where their data is or who has access to it, which is a huge issue in this age of rising cybersecurity and privacy concerns. That's why it's so important to have a playbook for onboarding and offboarding, because companies cannot afford to be haphazard about these issues.
Contact Us Learn how Pipeline is helping other businesses work smarter and grow faster without the hard work.
-
CIO Dive: Amid layoffs, companies track down and repossess remote employees' data access, devices
Businesses need a structured, scalable and complete offboarding process to handle recovering devices and credentials, which many companies just don't have.