I had an employee provide a resignation before I was on site. The employee then unplugged a desktop computer and left the premises with it. The computer contained pricing data, customer data, email communications, login credentials to several important websites, login info to vendor websites.
I filed a police report and the police were able to recover the computer, however the data on the machine was wiped or the drive was replaced.
What should I do?
Note to all businesses- always have an off boarding check list. Deactivate them from all accounts before notifying them. You should start by changing their email password- it’s hard to get into locked accounts if they don’t have an email account. Then the CRM or sales software.
I own several companies and have seen this at so many companies.
This!
Onboarding/offboarding procedures
Enrol a device in MDM (you can lock, wipe, reset PC’s remotely).
Backup your data (multiple ways).
Use SSO to enforce sign outs quickly.
Share an internal database base with zero trust as minimum.
Insider threats are unpredictable and devastating. In this situation hindsight has 20/20 vision and I’m gutted for OP. Any company even if there’s two or three of you should think BIG I.T.