When he should have asked this question: Before he did it, not after.
It's one that happens more often than it should.
Your company data is a valuable asset that shouldn't walk out the door with an employee. Keeping the digital as well as the physical lock on your information store is responsible leadership. If you're an SMB this can be especially challenging. You don't always have the watchful folks you need on your team.
4 Simple Safeguards Every Company Can Implement Now to Prevent Data Theft
If your company uses Windows, you have a wealth of system administrator tools included. Microsoft 365 plans for business are especially powerful and effective at proactively managing your risks. Implementing these safeguards is done by an outsourced IT provider or internal technical team member with solid knowledge and experience. We recommend skipping any DIY temptations.
For You Curious Leaders
If you're like many tech-savvy company leaders, you want to understand how tools and technologies contribute to your operations -- without getting lost in the weeds. Let's talk about one Windows tool that system administrators rely on to streamline technology management.
This is called Group Policies.
Think of it as a set of rules that are applied once and follow every user and device in your company. This is a powerful, effective tool because it defines in one place what users can and cannot do without having to touch each device. For remote users this is especially useful. It doesn't matter where they are; they are still controlled by the same rules as if they were working in the office.
Group Policies are like your company's default policy. As a leader, you decide who has access to what files, applications, and resources within the company. The Group Policy rules ensure that your guidelines are enforced.
Here are just 4 of the many rules that reduce the risk of data wandering away.
1. Disable USB Drives
What it does: Prevents employees from attaching a USB or external hard drive to their desktop or laptop.
Why it matters: One of the easiest ways for employees to steal company files is to copy them to an external device. Malware can also easily be transferred to company devices from an external device. Disabling this feature is a smart security measure.
2. Disable Remote Desktop Access
What it does: Prevents employees from connecting to their office desktop from a home or other personal device.
Why it matters: Remote desktop is a built-in Windows feature that is enabled by default. Limiting this access to only a select group of employees such as IT support is a sound security measure. If a terminated employee has a remote link or their password is still enabled, blocking remote access prevents intrusion.
3. Restrict Access to System Settings and the Control Panel
What it does: This prevents employees from changing or disabling settings on their local device.
Why it matters: Bypassing security settings can prevent tracking and logging and can compromise security. Using my friend as an example: If his company has implemented proper security logging, they can easily detect what files he copied to his USB drive and when. Stopping an employee from changing these settings is critical.
4. Enable the Auditing Feature
What it does: Keeps an ongoing log of what users are doing on their devices, such as when they logged in, what files they accessed, and what changes they made to the device.
Why it matters: These logs are the roadmap that leads to any suspected theft or unauthorized activity.
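For the technical team: a read-only PowerShell check that reports whether the four rules above are actually in effect on a given Windows device. This is an added example, not part of the original article; the registry locations are the standard Windows ones that back these settings, and the function and variable names are the example's own.

```powershell
# Added example: read-only report on the four safeguards for the local device.
# It changes nothing; run it on a sample of laptops and desktops.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$checks = @(
    @{ Rule = '1. Removable storage denied (policy)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name = 'Deny_All'; Want = 1 },
    @{ Rule = '1. USB storage driver disabled'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name = 'Start'; Want = 4 },
    @{ Rule = '2. Remote Desktop connections denied'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'fDenyTSConnections'; Want = 1 },
    @{ Rule = '3. Control Panel hidden (current user)'
       Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoControlPanel'; Want = 1 }
)

$report = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Rule     = $c.Rule
        Expected = $c.Want
        Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
        Enforced = ($actual -eq $c.Want)   # $false when the value is missing
    }
}
$report | Format-Table -AutoSize

# 4. Auditing: print the effective audit policy (needs an elevated prompt).
# Subcategories showing "No Auditing" produce no log entries at all.
auditpol /get /category:*
```

Either of the two USB rows being enforced blocks USB storage. The Control Panel row reflects only the user running the script, so run it as a standard employee account rather than as an administrator.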
What Else Can You Do to Lock Your Doors
You can't manage what you don't know you have. An asset inventory is a must for every company. It doesn't have to be fancy or complicated. A spreadsheet will get you started, but this isn't as effective as a real-time asset management service.
Define who in your company should have access to what information. This is the first step in restricting access and implementing effective policies. As the leader, you are responsible for protecting and ensuring ongoing monitoring of all assets.
Ask your IT team or outsourced IT provider to implement the basic Group Policies above. Don't just take their word for it. Include as part of their work a plain English written description of each policy, who it applies to, what it does, and how it is being monitored. Review and update these policies regularly.
Disable file sharing and external downloads where it's not needed. This includes downloads from OneDrive, Dropbox, or Google Drive. Limit large file downloads. Require written approval for file sharing outside the company.
Implement Mobile Device Management (MDM) on laptops and phones. It allows for the remote wiping of devices and the removal of company accounts from personal devices. This feature is included with 365 Premium and higher.
Watch for the telltale disgruntled employee signs. Most data theft happens before you know the employee is leaving. Ask IT to monitor unusual activity. Are large files being downloaded? Is someone accessing files or applications they normally don't use? Be proactive and shut down access immediately.
Make policy enforcement part of your offboarding process. Disabling accounts, forwarding emails, and locking down access are all essential steps. But making it unambiguous what an employee can and cannot take with them when they leave should be part of your enforceable company policies.
The Bottom Line
These guardrails are the beginning of a sound, enforceable data protection program. It starts with clear expectations and execution. It serves your company when it is continuously monitored, reviewed, and updated.