We are living in an age of unprecedented layoffs, work stoppages, downsizing, and general unemployment. I frequently call out weak corporate termination policies/protocols during discovery health assessments. It is a complicated process with many players, data sources and heightened emotions. Most people hate confrontations or making a scene. Any fuzziness in your separation protocols may result in former employees walking away with corporate data on their BYOD phones or loss of critical data. Have you reviewed or updated your separation protocols to accommodate the surge of employees working remote, taking early retirement or being let go?
I was updating one of my risk assessment tools for a remote engagement and decided to publish the generic version here. My usual process is to interview the primary stakeholders (HR, Legal, IT, Security, Compliance), review existing policies/protocols, build a decision workflow of their current process and then conduct an interactive session where we fix gaps and get consensus on what should happen in different scenarios. It always sounds simple until we start wrestling with executive exceptions, global contractors, home offices and more.
Seriously, the biggest hurdle seems to be how to handle BYOD phones. This needs to be thought out before employees register their phones and start to synchronize their communications, credentials and more on them. Android phones have supported separate work/personal profiles since Android 5.0 release. The last time I checked, Apple was opting for a combination of multiple profiles and managed apps. Many MDM or MAM systems promise to segregate corporate data and wipe it remotely. It practice, I rarely see employees trained and supported to accomplish this. Even if they have a separate work phone number registered to their iPhone, users tend to adopt and abandon every new messaging app faster than IT can get them certified for work use. Sometimes I feel like the messaging teams are playing Yammer/Jabber whack-a-mole. All of this make seizing, copying or wiping an employee’s phone especially nerve wracking. Did you wipe out their departed spouse’s last voicemail? Did you let them leave with pictures of your latest strategy presentations? My better practice includes clear/firm policies, practical protocols, check lists, employee acknowledgements, etc.
Greg Buckles wants your feedback, questions or project inquiries at Greg@eDJGroupInc.com. Contact him directly for a free 15 minute ‘Good Karma’ call. He solves problems and creates eDiscovery solutions for enterprise and law firm clients.
Greg’s blog perspectives are personal opinions and should not be interpreted as a professional judgment or advice. Greg is no longer a journalist and all perspectives are based on best public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? Greg is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations.