German

Ex-Employees: All the Best, But Can We Have Our Personal Emails Back, Please?

by VPNHaus | 01/06/2015 |Endpoint Management, Rethink Remote Access

It doesn’t matter if employees leave a company on unpleasant terms or quite amicably – it is absolutely essential that enterprises have solid, well-defined termination processes in place, and that they’re followed to the letter.

In their final days at a company, employees can demand various personal documents, depending on local regulations. A final paycheck and unclaimed vacation days also need to be sorted out. A smooth termination process is a good business practice and documenting it in a written agreement, signed by both parties, helps to avoid misunderstandings. Putting this type of process in place is inexpensive, and in the long run costs nothing at all.

A well-defined process also contributes tremendously to the overall integrity of the corporate network security structure, in that companies that follow these processes, drastically reduce the danger of sensitive information being leaked whenever an employee leaves the company.

As part of the termination process, employees should confirm they have read and deleted all private emails on the companies’ servers, are no longer storing private data in the LAN, have transferred all personal data, e.g. phone numbers, videos, photos and text messages, from company-owned mobile devices, and that all other private information has either been deleted completely or transferred to a private data storage device.

<a href="http://www.hg.org/article.asp?id=30081">decision</a> by the Higher Regional Court Dresden (4 W 961/12) explains, companies that delete the email accounts of their employees without this confirmation are susceptible to indemnity claims by the empl

Employees have obligations as well. They must return all access codes and user credentials for servers, networks and end devices. That includes credentials for VPN access, which is frequently secured with the help of two-factor authentication. Terminating VPN access is especially crucial because ex-employees aren’t easily spotted by the IT staff should they decide to abuse remote access capabilities. These user accounts should be blocked in the VPN management console with immediate effect, after notice is given, and then deleted completely after the employee has worked his or her last official day.

A practical solution to this and other credential-based systems are card-based ID documents that work as authentication devices for all sorts of company resources, ranging from the cafeteria to the data center lock. They are available in contacting and non-contacting versions. If the card is withdrawn or blocked within the management system, all access ceases.

Once access to all electronic information is addressed, what’s left is the immaterial knowledge of the employee about proprietary business information, customer projects and other intellectual property. For this kind of information, a non-disclosure agreement should be a fixed part of the resignation process. Ideally, this type of agreement is prepared by an experienced lawyer and tailored to the specific requirements of the enterprise. The non-disclosure agreement not only covers client data and related information, but also all company-related information that needs to be kept secret. However, even an NDA has its limits.

Some laws prohibit companies from using an NDA as a sort of gag order or oppressive contract for an indefinite period of time. The topics covered as well as the duration and possible repercussions have to be defined explicitly if a company is to claim breach of contract.

7 Security Threats Your May Have Overlooked

 

7 Security Threats You May Have Overlooked</em>, we cover:

- How to handle environments fraught with rogue employees, personal devices, and EOL products.
- A sound approach to security policies and their enforcement, including the important of executive involvement.
- A new way to think about VPN solutions to simultaneously maximize security, flexibility, and ease of management.

Download Now

7 Security Threats You May Have Overlooked</em>, we cover:

- How to handle environments fraught with rogue employees, personal devices, and EOL products.
- A sound approach to security policies and their enforcement, including the important of executive involvement.
- A new way to think about VPN solutions to simultaneously maximize security, flexibility, and ease of management.

Download Now

This website uses cookies

We use cookies to personalize content and analyze access to our website. You can find further information in our data protection policy.

OK