Protect Your Company’s Collaborative Spaces

padlockConsider the following scenario: An employee leaves your company or a virtual team member moves on, and the circumstances have been less than ideal. What do you do to make sure that you keep your company’s (and your clients’) confidential information safe, when someone who is no longer on your team might still have the passwords to the apps you use?
When it comes to collaborative tools such as project management apps, you can usually apply different levels of access to each team member. Still, have you figured out what to do when someone from the team departs?
You have a few options:

  1. Delete their account. But what happens if that account contains data that applies to work you’re still doing, or time reporting you are still running?
  2. Make the account inactive. But does this mean the account still counts against your user quotas, or will it give you an open space to add a new member without increasing your service level?
  3. Change the username and password. But is this really a secure option?

My company’s virtual team (over a dozen people) are using 5pm, so I contacted the company to see what they recommend doing in the situation of a team member leaving and what their service supports. They acknowledged that workers leaving a company is an interesting issue and recommended changing the login email address used on the account and the password. While they suggested using a fake email, I’m thinking using an alternative email address to which you have access would be a better solution.
5pm’s programmers are able to restore data if you accidentally delete something you didn’t intend to remove, but they also pointed to the “Backup” feature that allows you to pull your data from the cloud onto a computer before you make any changes if personnel has changed. The company is considering an “active/inactive” flag for users, but also said that since their plans are based on the number of users, they were concerned that people might turn this feature on and off to get around upgrading to a premium level.
Curious to see how other project management tools handled the issue of security when a team member departs, I approached Wrike and LiquidPlanner with my scenario as well.
The folks at Wrike suggested that the best way to protect against potential sabotage is to deal first with the issue on the HR and legal side, rather than relying on your cloud vendor. While I agree with this in theory, most startups don’t have an HR department or a legal team to enforce issues, and much of what happens with team members happens swiftly and potentially irreparably in a bad situation. Contracts can’t keep disgruntled individuals from commiting sabotage. Wrike has a “merge” feature so you can actually merge the data of one user into the account of another. The account can be kept active with a changed username and password, or removed after merging data to downgrade an account if money is an issue. The Wrike folks also say they have multiple levels of backups and a friendly, helpful customer service team at the ready to assist in a crisis situation to help retrieve lost data or protect an account. They may, however, require a fee to cover the time of their programmers.
LiquidPlanner lets you immediately “disconnect” a user from the collaborative workspace if they leave the team, so a former employee can no longer log in to view or modify the team’s project information. This feature makes their account inactive. This disconnection feature eliminates the need to change a login and password as a stop gap measure. The workspace remains secure. The inactive user’s projects and tasks will remain accessible and intact so the rest of the team can access all the data related to their account. Inactive users do not count against the user quota for a LiquidPlanner account. If you disconnect a user from a workspace at any time and then they return to the team, you can simply invite the same person back into the space by “reconnecting” them.
Before you run into a crisis situation with your project management system, here are a few things to look into today:

  1. Check to see if the apps you use have a way to back up your data.
  2. See what the company recommends in terms of security actions to take if a team member leaves abruptly.
  3. Check if there are fees for restoring data via the company’s main backup system.
  4. Write out your internal plan for keeping your company’s project management space secure.

What is your plan for keeping your collaborative spaces secure?