How to Mitigate Knowledge Loss Due to Employee Turnover

Employee turnover is inevitable. In fact, in the last five years, employee turnover has risen from 14.4 percent to 16.7 percent and doesn’t seem to be slowing down. With the steady increase in turnover, organizations ought to be more concerned about knowledge loss, particularly when it comes to business continuity and disaster recovery (BC/DR) procedures.
Man confused because nobody wrote down the BC/DR plan

Here are a couple things you can do to help mitigate the ever-present risk of knowledge loss.

Recruit the Expertise of a Vendor

You might think it’s more efficient and cost-effective to manage all of your BC/DR processes in-house with a dedicated director or team of employees. This is true to a certain extent. Having one employee or even a small team in charge of your BC/DR is beneficial in that these employees are familiar with your business’s culture and processes as well as BC/DR best practices, which allows them to create a highly targeted BC/DR program. But what happens if any of those employees are unavailable during a business interruption or disaster? Or if one of the employees leaves the business? One of the ways to combat this risk is to outsource your BC/DR to a third party.

If you work with a vendor for BC/DR consulting and solutions, you can help reduce the impact of knowledge loss when employees leave your company. Because your vendor is immersed in the BC/DR industry on a daily basis, you don’t have to rehire or retrain a dedicated BC/DR staff member. While the vendor won’t be as intimately familiar with your internal processes as employees are, this isn’t necessarily a bad thing. When it comes to BC/DR, an objective third-party perspective can help you identify interdependencies or inefficient processes you didn’t realize existed.

In addition to helping prevent knowledge loss, you don’t have to worry about a vendor’s support being interrupted by the same power outage, natural disaster or cyber threat that’s affecting your business.

Document All Plans and Processes

Regardless of whether you keep your BC/DR in-house or outsource to a third party, documentation is critical. For one, your employees need to know what to do in case of a business interruption. If they’re in the dark about their roles in the recovery process, that will directly impact your recovery times. Ensure that all key employees — not just those responsible for the BC/DR program — have reviewed the documents and know where to access them.

If you’re outsourcing any aspect of your recovery process, documenting the recovery process eliminates any confusion about which parties are responsible for executing key recovery steps. Don’t forget to update your documentation any time your business experiences changes in objectives, technology or strategies. It’s crucial to keep an updated plan available so you don’t encounter gaps in your BC/DR program.

Employee attrition might be rising, but just because an employee leaves your business doesn’t have to mean your BC/DR effectiveness leaves with them.

Four BYOD Questions You Need to Be Able to Answer

Young people using smartphones
Check your schedule. Pay for your coffee. Read the news. Check the weather. Hail a cab. Jump on a video call. Email your mom. Ten years ago, most people used multiple mediums to accomplish these routine tasks: paper, computer, TV, phone, webcam, etc. Today, many people are using a single device to complete the many tasks that fill their days — and the lines between personal and work use are blurring.

Implementing a bring your own device (BYOD) policy at your company has its advantages — employees can be productive even when they’re on the go, for example — but it comes with risks too. From ransomware to data breaches, there’s a lot to be concerned about.

To even begin to mitigate those risks, you need to make sure you’re able to answer the questions below.  

Do You Know Who's Prying?

Imagine this scenario: One of your sales reps is on the road, but she needs to access and update a contract that lives on your local network.  She stops at a coffee shop and connects to its public WiFi. Little does she know that WiFi hot spot is also the target of a hacker who is swiping unencrypted data from everybody who’s connected to that router. The data sent and received by your sales rep can be easily poached by the hacker and released to the public on the internet, sold on the black market or held for ransom.

Public WiFi hotspots can be a scary place to connect, not because of the location but because you never know who is there to do more than check email. That’s why it’s important to have your employees use a virtual private network (VPN) to connect to the company network remotely. A VPN encrypts the data moving between the employee’s device and the company network, making it much more difficult for a hacker to access the data.

Do You Hear About It When Employees' Devices Go Missing?

Think you felt bad when you recently misplaced your iPhone? How do you think one Apple employee felt when he left an iPhone 4 prototype in a bar in 2010? Lost or stolen devices can give just about anybody instant access to company data if the devices aren’t properly secured. In fact, almost 70 percent of data breaches in the healthcare industry between 2010 and 2014 were caused by stolen devices. A $700 iPhone can feel pretty insignificant compared to millions of dollars in data recovery costs.

Personal and company-provided devices alike can easily go missing. A misplaced smartphone is practically inevitable. However, even minimal security practices can help keep devices from turning into goldmines for hackers. Locking functions such as the iPhone’s PIN code or the Android’s pattern lock can keep people out, while a remote memory wipe program can go a step further by deleting the device’s data from afar. Even if a hacker does gain access to the phone, there won’t be any data for them to corrupt or hold for ransom.

How Often Do Employees Update Their Phones?

Unlock your iPhone and open the App Store. How many updates are waiting for you? Are you using the latest version of your operating system (OS)? Some of us obsess over getting everything updated as soon as possible, but not everybody is in a hurry when a round of updates appears in the queue. Many people resist updating apps and OSes because of functionality problems caused by past updates.

However, not updating OSes and apps can leave devices vulnerable to attack. Most updates exist to fix known glitches or close security vulnerabilities rather than to add or remove features. Even traditional PCs require occasional updates to improve security — smartphones, tablets and apps are no different.

If an OS update is released, have your IT department test it to make sure it doesn’t affect the functionality of any business-critical apps your BYOD employees use. If there are no issues, inform your employees that they need to run updates as soon as possible to help keep company data secure. Also remind employees to routinely update their apps to close any known security holes.

Who's Downloading What?

Daniel was really interested in a particular smartphone app’s organizational features, so he didn’t pay much attention to the terms and conditions or the permissions he allowed when he downloaded it. Daniel unknowingly gave the app access to every bit of data on his phone — from web and search history to emails. What started as a quest to be more productive led to the risk of company emails with sensitive information landing in the wrong hands.

Apps that request broad permissions can be especially problematic if your employees access company email through their device’s built-in email app. These apps typically store email data locally on the device, meaning another app that’s been given access to that data can give hackers or malicious developers the ability to browse confidential corporate emails.

Your employees should always be careful about what they’re downloading to their personal devices, but you should have an acceptable use policy if they’re also accessing company emails or networks from the same devices. Require employees to double check the permissions and validity of every app they use. While it might be tedious and require the deletion of a much-enjoyed app, a security breach sourced from a remote personal device should be treated no differently than an on-site security breach.

Despite the risks, BYOD offers small- to medium-sized businesses an excellent way to avoid the costs associated with purchasing and servicing company-owned devices. However, without strict BYOD policies and procedures, you’re susceptible to data breaches that can turn into nightmares. 

How Should Your Business Prepare for the Internet of Things?

Smart city and wireless communication network, internet of things
The imminent rise of the Internet of Things (IoT) brings you the potential to give your customers the option to connect to online tools they use every day from a growing range of devices.

But before your business can take advantage of the benefits of IoT, like new product opportunities and real-time data that can bolster operational efficiency, you need to make sure your core IT infrastructure can handle the demands of IoT.

A Pew Research Center report predicts that IoT will be thriving by 2025, which may present a danger to businesses that try to advance their products at the same pace as technological advancements — before updating the systems that support them.

Here are a few suggestions on how to prepare your company infrastructure before it’s crippled by the demands of IoT technology.

Prevent System Downtime 

Technological advancements have created a customer base that expects constant accessibility to applications. If your business plans to introduce applications that run on IoT technology, you want to be able to keep customers happy by offering reliable application uptime.

Your business can minimize system downtime by having a clear business continuity plan (BCP). When business interruptions occur, an off-site cloud recovery platform can protect your IT infrastructure and keep you connected to your data and applications. Constant connection with business data is already imperative, but when it comes to IoT applications, connectivity is invaluable.

Adapt to Fluctuating Data Demands

As IoT technology grows, data demands will only continue to increase. Built on cloud computing and a network of sensors that constantly gather data, IoT could potentially overload any company infrastructure that isn’t prepared to store an increasing amount of data.

The 2016 IBM report “Growing Up Hybrid: Accelerating Digital Transformation” notes that forward-thinking organizations are using hybrid clouds, which utilize public and private clouds, to gain a competitive edge in the implementation of IoT and accommodate its high data demands. Adopting a hybrid cloud model for data vaulting can give your company the ability to get ahead of the impending mass of data that your IoT applications may gather.

Protect the Perimeter

IoT offers you the benefit of leveraging data gathered from users in order to improve products or connect with customers more effectively. However, the increased number of devices connecting to your business network offers more entry points for cyber criminals. Your business can guard against the increased risk of hackers by implementing a strong network security system.

An effective network security strategy should include intrusion detection and prevention, deep packet inspection, port scanning, protocol inspection, perimeter anti-virus and malware blocking. To safeguard your business, look for a network security solution that doesn’t require the purchase of additional modules or applications. Having multiple separate security modules or applications can create gaps in your cybersecurity, making your business more vulnerable to cyber threats like malware and hackers.

Cyber crime has steadily risen in the past few years, and IoT technology promises to contribute to this growing threat. Before offering an application that runs on an IoT device, fortify your company infrastructure so the increased cyber risk doesn’t take you by surprise.

To fully capitalize on IoT, make sure your business has a clear BCP, an adaptable method for data vaulting and a strong network security solution in place.

How does your business plan to implement IoT? Let us know in the comments! 

How Can Cybersecurity Help Grow Your Business?

Business Success GraphAs cybercrime increases, cybersecurity is necessary for safeguarding a business, but the budgets allocated to it reflect that it’s not a spending priority. According to the 2015 Global State of Information Security Survey, cybersecurity budgets only rose by 24 percent from 2014, despite a 38 percent increase in detected information security incidents.

Now what if we told you that cybersecurity wasn’t just a cautionary expense but an investment?

With the growth of data analytics and the digitalization of business functions, businesses are able to offer online services that allow them to easily reach new markets. This digital growth requires an expanding computer network, which means higher cyber risk.

To take advantage of technical innovations that make growth possible while minimizing risk, your business should implement a dependable and easily adaptable approach to cybersecurity. This approach involves two key elements.

Centralized Security Platform

Centralizing your network security simplifies network management and increases network efficiency by integrating security applications like anti-virus, intrusion detection and protection, and Internet traffic monitoring rather than contracting several security solutions. Integrating these functions minimizes security gaps that occur when several applications are running on the same network.

When your company streamlines security applications, system updates are efficiently deployed across all security functions rather than updated individually. With more cohesive system updates, an integrated network security solution allows you to prepare for or respond more quickly to cyber threats. Focusing management efforts on an efficient cybersecurity platform can enable your business to grow into new markets without sacrificing functionality or risking confidential data.

Employee Training

Your business exposes itself to threats like ransomware if your employees aren't properly educated in simple cybersecurity practices. In the Global State of Information Security Survey, employees remain the most cited source of compromise at 22 percent. Promote a culture of security within your business by educating employees on how to avoid cyber threats in their everyday work activities.

Cybersecurity education teaches employees security best practices like how to create more secure logins and recognize phishing emails. Your employees should also know to report immediately to IT when they think a device is affected by ransomware. Investing in an interactive training program can improve employee cooperation to help protect your business from cyber attacks, which could impede your business’s growth.

Streamlining security management efforts and promoting a culture of security within the company serve as investments in business growth by making it possible to enter new markets without unnecessary exposure to cyber attacks.

To learn about how to prevent a cyber attack, read our post “Five Ways to Thwart a Cybersecurity Nightmare”.

Popular Posts