In light of the COVID-19 pandemic’s impact on most industries, mass layoffs have been seen across all kinds of companies. Many organizations are struggling to survive and stay afloat, and have therefore been quickly firing and furloughing employees. As they do this, especially at this expedited rate, there is a risk that important data is not being properly secured and retracted during the layoff and offboarding process. Layoffs, especially on a grand scale, are challenging for the individuals involved as well as for the company as a whole.
However, if companies don’t mitigate some of these risks to data during offboarding, they may face a much more significant challenge down the road. In this post, we’ll cover some of the key risks of an incomplete or improper offboarding process for employees.
Key Risks of Improper Offboarding
The key risk of an unsuitable offboarding process for employees is the potential for the loss of, or damage to, important data. When someone is fired, laid off or furloughed, there is a chance that the relationship between the company and the employee is damaged in the process. If they are not properly offboarded, former employees could still have access to important data, whether they know it or not, which could lead to them deleting or damaging some of this data. If they feel spurned by the firing, they could do this with malicious intent, but it could also happen unintentionally as they clear old documents off their devices.
The potential for data loss is why companies need to have processes in place for revoking access to company devices, files or any accounts that may contain this important data prior to that person’s final exit from the organization. Regardless of the motivation for this data loss, it poses a great risk to the organization and is something that needs to be carefully managed by the company.
Beyond the risk of losing the data itself, improper handling of offboarding and failing to remove former employees’ access to sensitive information can lead to HIPAA compliance violations. Former employees could destroy or even leak this information, which could lead to an investigation by HHS and eventually the other costs of noncompliance. Fines under HIPAA can reach up to $1.5 million for a violation, and a violation can even result in jail time in certain circumstances involving malicious intent.
Compromised Intellectual Property
Although companies would like to think that it wouldn’t happen to them, there is always a chance that employees will leave their company with the intent to take intellectual property to a competitor. If employees maintain access to any important data or documents, that increases the chance that they could share a contract or some other form of confidential information with their new company. Protections against this risk should actually begin during the onboarding process, where the employee agrees to terms on how to handle this data during and after employment.
As we have seen time and time again, companies that experience breaches or loss of data in some way have their reputation severely compromised in the process. Customers want to be able to trust the company that they are sharing their information with. Data breaches that occur through exiting employees or any other method are very costly to the reputation of an organization.
Additionally, if the data that your organization manages is protected health information, or PHI, then you are required to protect and secure that information to certain standards under HIPAA. Although a ruined reputation will be costly in terms of losing customers, a data breach of health information for companies under HIPAA can result in fines up to $1.5 million and even jail time for individuals in certain circumstances.
Another cost of a high turnover rate or improper offboarding that is not always mentioned is the unnecessary spending that occurs in these situations. In most cases, employers are charged regularly occurring costs for most employees, whether through licenses or through software and applications paid for in that employee’s name. If there is not a clear and well-thought-out offboarding process, there is a chance that some of these subscriptions and costs may go under the radar. When not caught and cancelled, they cause wasted spending for the company that is entirely avoidable and unnecessary.
How to Avoid These Risks
Although a company’s offboarding process may not be an obvious top priority, hopefully identifying these risks has helped to show the importance of creating seamless and secure procedures for offboarding employees. In order to avoid data loss, HIPAA or GDPR compliance violations, compromised intellectual property and wasted spending, make sure that you are making employee offboarding a priority for your organization.
This includes simple tasks like revoking access to applications and services, resetting shared passwords and preventing file sharing to other email addresses. Beyond the logistics of protecting the company’s data during the offboarding process, also be sure to do everything you can to ensure that employees are leaving on a good note, whether that is through hosting exit interviews or other ways of letting employees know their positive qualities and the value that they brought to your organization.
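The logistical tasks listed above (revoking access, resetting shared passwords, stopping sharing to outside addresses) and the license spend discussed earlier can be checked by reconciling the HR exit list against exports from the systems involved. The Python script below is an added example, not part of the original post; the export layouts, the `offboarding_gaps` function, the users and the `example.com` domain are all constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the original post): an HR exit list and
# exports from an identity provider, a password vault and a mail system.
DEPARTED = {"alice@example.com": date(2020, 4, 10), "bob@example.com": date(2020, 4, 17)}
ACCOUNTS = [  # (user, application, still_active, monthly_license_cost)
    ("alice@example.com", "crm", True, 75.0),
    ("alice@example.com", "file-share", False, 12.0),
    ("bob@example.com", "design-suite", True, 53.0),
    ("carol@example.com", "crm", True, 75.0),
]
SHARED_SECRETS = [  # (name, last_rotated, users who knew it)
    ("social-media-login", date(2020, 3, 1), {"alice@example.com", "carol@example.com"}),
    ("wifi-guest", date(2020, 4, 20), {"bob@example.com"}),
]
FORWARDS = [  # (mailbox, forwards_to)
    ("bob@example.com", "bob.personal@mail.example.net"),
    ("carol@example.com", "team@example.com"),
]

def offboarding_gaps(departed, accounts, shared_secrets, forwards, domain):
    """Return (findings, wasted_monthly_spend) for departed employees."""
    findings, wasted = [], 0.0
    # 1. Accounts that are still active, and still billed, after the exit.
    for user, app, active, cost in accounts:
        if user in departed and active:
            findings.append(("active_account", user, app))
            wasted += cost
    # 2. Shared passwords a departed user knew that were not reset afterwards.
    for name, rotated, knowers in shared_secrets:
        for user in sorted(knowers.intersection(departed)):
            if rotated <= departed[user]:
                findings.append(("stale_shared_password", user, name))
    # 3. Mail still being forwarded from a departed mailbox to an outside address.
    for mailbox, target in forwards:
        if mailbox in departed and not target.lower().endswith("@" + domain):
            findings.append(("external_forward", mailbox, target))
    return findings, wasted

if __name__ == "__main__":
    gaps, spend = offboarding_gaps(DEPARTED, ACCOUNTS, SHARED_SECRETS, FORWARDS, "example.com")
    for kind, user, detail in gaps:
        print(f"{kind:22} {user:20} {detail}")
    print(f"licenses still billed for departed staff: ${spend:.2f}/month")
```

Running a reconciliation like this on a schedule, rather than once at exit, also catches accounts that were missed during a rushed round of layoffs.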