Former Employees – Do You Know What They Have Done With Your Company Provided Laptop?
By Laurence P. Lubka
Lubka & White LLP
As a construction law firm, we do not solely engage in construction disputes. Representing construction firms, we also handle employment matters. One of the great problems is the former employee who has either walked off with the laptop, copied company information (including proprietary data) or returned a laptop which the former employee has encrypted or added a new password. These acts are essentially theft of your company’s hardware and data.
I’ve always had an affinity for things technological and purchased a “portable computer” when that meant a 50-pound box, dual disk drives and a handle. I look back at the great security advantages of having all your data on a floppy disk and nowhere else.
So, back to computer theft. Most computers are simply gateways to the world wide web. To protect your company, there are several layers of security you can add.
- Make sure that only the company is the “administrator” and you limit what changes can be made to the computer. I believe you can also “turn off” the ports, although that would preclude use of flash drives. You can make messing with the laptop somewhat of a challenge.
- Use software or hardware that tracks the physical location of the laptop. Such tracking capacity can make lost or stolen laptops magically re-appear.
- Use software that allows the company to lock out the user. One software, EXO5, will lock out the user if they don’t sign into the corporate site for a certain number of days. Once locked out, the user can only get back in with a password provided by the company. The same software can also be used to encrypt whatever is on the computer.
- Have all business transactions in the cloud. Not only does the cloud back-up the laptop, it can limit what data the user can access. Most importantly, any changes to documents can be limited to changes in the cloud. A good 1-2 punch is to provide cloud access on a chrome book which has no hard drive. That further limits shenanigans.
One drawback to many of these techniques is that they only work when the laptop is live on the internet. Bad guys or gals an avoid many of these technique by turning off WIFI, however there are some locators that do not require use of the internet.
The company might require the employee to regularly provide your MIS staff with an opportunity to log onto the employee’s laptop to see what is and isn’t there.
You can also make provisions in an employment agreement to provide regular access to company provided phones and laptops. These access issues have been and will continue to be an object of controversy, but it can’t hurt to be able to assert the right. Many companies provide phones to which the company has continuing access. This is important where there is a lot of texting, which may not otherwise be copied or recoverable.
The world is at our fingertips. You just don’t want company data to be at someone else’s fingertips.