Guide On Company's Equipment Recovery [Laptop, Hardware] After Remote Employee Termination
As more companies and employees terminate their employment contracts due to new job opportunities, financial hardship, or restructuring, there have been more concerns about what happens to their assigned equipment like laptop and other hardware. Some of the company's most valuable data are kept on the company’s equipment. So, companies need to formulate and implement actionable policies that will help secure the equipment for retrieval. Employee terminations can be stressful and expensive. No matter how many policies you put in place, terminations continue to happen.
Since providing equipment like laptop and other hardware is important when building remote teams; it ultimately means that remote employees are in possession of valuable company assets. So, what happens when they exit the company? How do you retrieve this equipment? Of course, job termination affects individuals, but it also impacts the company's bottom line. According to the Economic Research Institute, "termination is expensive. When you dismiss an employee, typically it will cost between 50% and 60% of that person’s annual salary to refill the position." A 2016 report from the Society for Human Resource Management (SHRM) found that the average expense to bring on a new worker is $4,129, requiring approximately 42 days to get the position filled. Before, this wasn't seen as a big deal. However, with growing job markets and recovery rates reaching a 20-year high in the U.S., companies are desperate to keep costs down; one of those key costs being employee termination.
In fact, 30% of companies report having equipment loss or damage due to terminated employees according to the SHRM report. Simply put, it is difficult to terminate the services of an employee and it is even more difficult to retrieve their equipment. This post discusses what to consider when implementing a security plan to retrieve company equipment and how to retrieve all company equipment from terminated employees.
Implementing a security plan to retrieve company equipment
In today's business world, the success of a company depends on its employees. And in many remote companies, the level of productivity depends on the IT equipment that the employees use. Having employees sign contracts and track computer usage with software should be part of your company’s actionable security plan to protect company's equipment.
Although, policies do not solve all security problems, they help increase security by defining the process which a company should adopt to develop its procedures. A security policy defines the clear, comprehensive, rules, and practices that regulate access to a company assets and their data. A good security policy protects not only the equipment but the company as a whole. A security policy also serves as a prominent statement to the outside world about a company’s commitment to security.
The company identifies which assets require protection and what kinds of risks could compromise those assets. This critical function determines the level of appropriate countermeasures that are required. These are usually set in two categories: property damage and retrieval of equipment. For the sake of this article, we will focus on the retrieval of equipment.
A company’s risk assessment informs policy-makers of the specific security requirements. Regardless of those findings, the following questions should be addressed clearly and concisely in any security policy:
- What is the reason for the policy?
- Whose authority sustains the policy?
- Under what laws or regulations, if any, is the policy based?
- Who will enforce the policy?
- How will the policy be enforced?
- Whom does the policy affect?
- What assets must be protected?
- What are users actually required to do?
- How should security breaches and violations be reported?
- When does the policy go into effect and when will it expire?
Additionally, the process should identify the probability that opposition may occur and the impact it will have on the company if a loss were to happen. There are steps that are important in determining how best to protect the company’s equipment and they must be performed periodically. This includes:
1. The right equipment retrieval plan should consider the various requirements
Retrieving and, especially, delivering equipment from GPS trackers includes more than the device software. The hardware, network, and business operations of your operation are all important. “These include: implementing equipment tracking software; documenting equipment assigned to employees; requiring employees to accept and sign an equipment agreement that includes a list of received equipment that must be returned upon termination; and informing employees that the cost of any equipment that is not returned by a given date will be deducted from their final paycheck,” said Omer Kaan Aslim, president of Desired Outcomes. “Organizations should inform terminated employees that shipping costs associated with equipment returns will be reimbursed (if applicable).”
2. Develop a proactive plan for managing data and app access.
The stakes are high when it comes to data security. All organizations face the threat of data breaches, malware, and spyware. “Employees can access business apps hosted in the cloud from any device, on or off of the corporate network. IT departments can minimize post-termination access by limiting how employees interact with the software while employed. Defining access levels in the beginning, will make it easier to remove access permissions when an employee leaves the company,” said Heather Paunet, vice president of product management at Untangle.
In addition to protecting sensitive information, large and small businesses need maximum productivity from their mobile devices. We explained how this can be achieved here.
3. Trust but verify
Human beings are motivated by many different impulses. A person's ability to resist this desire varies based on certain conditions, but no one is completely immune to it. Sometimes, employees could face situations that may require them to demonstrate integrity. To prevent such situations, companies need to enforce processes to ensure the trustworthiness of employees and contracted parties that have access to sensitive information.
4. Consolidate and automate.
Business and Information Technology (IT) are tightly-coupled components of an organization. The modern enterprise requires a balance of these two areas to be successful. Traditionally, the lines between technology and the business have been blurred because they were managed separately. Matt Cox, senior director, technical operations, ITSM at SolarWinds, suggests that consolidating all IT equipment under one system provides a visual of the life cycle of the technology infrastructure, making it easier to track hardware devices regardless of location. Automating risk detection can help monitor if the assigned equipment is in use and active. This helps cut down on remote workers using their personal devices to access company data.
5. Equipment management and IT service management should be integrated.
End-to-end equipment management and IT service management integration require a foundational set of capabilities and adherence to industry standards. Integrating service management and equipment management is vital, especially within large organizations. “The Center for Internet Security (CIS) lists inventory and control of hardware and software equipment as the top two recommended basic controls. Automated, centralized IT equipment management can fulfill these recommendations. By integrating equipment management and service management, IT has the foundation it needs to manage the entire life cycle of equipment, from onboarding through reclamation,” said Ian Aitchison, senior product director, ITSM at Ivanti.
Managing The Retrieval of Equipment with Confidentiality
Managing the retrieval of company's equipment, from terminated employees in a way that respects their confidentiality is important. It helps ensure that your company's proprietary information remains secure.
While it can be difficult to strike the right balance between respect for privacy and the need to prevent a former employee from using your confidential information, there are clear steps that you can take to protect your company's interests while also treating former employees fairly.
First, develop a thorough system for tracking which equipment was used by each employee throughout his or her tenure with your company. Keep detailed records of which devices were used by employees who have already left the company, as well as those who are still employed. Your records should include any identifying information about the device itself, such as serial numbers or model numbers. The sample form here will guide you.
Next, develop a well-structured policy for clearing data from these devices when they are being returned to the company. This policy should take into account both federal and state laws when it comes to handling personal data left on corporate devices. Show the steps you took to ensure that employee data was not compromised during device retrieval.
During this process, it is necessary to document all information saved on these items as evidence that the proper protocols were followed.
Most times, it is easier to use a third party to help you secure company's equipment from former remote employees. The Growrk platform ensures that former employees or contractors turn over all company-owned equipment, including laptops and other assigned accessories in good condition. We take responsibility for retrieving equipment from remote employees during their exit from the company.
With our help, you can be rest assured that off-boarding an employee and retrieving your company’s equipment will be hassle-free.
By taking the steps to book a free demo, your company can recover all of its equipment from your remote employee when they leave the company. And, you can prevent potentially damaging situations from occurring and save yourself thousands in hard costs and lost productivity as well. Growrk makes the process easy, confidential and secure.