While businesses worry about hackers, the fact is that the majority of data breaches are caused by human error. Current employees, former employees, and disgruntled workers may not take adequate steps to protect your assets. That’s up to you.
So, when an employee leaves a position, focus on your IT security to prevent potential problems.
Your Employee Termination IT Checklist
Start by creating a checklist that you can use during and after the termination meeting, so you don’t forget any key steps. In the rush of getting things done, it can be easy to miss important steps that might compromise your IT security.
- Recover any company equipment that an employee might have, such as cell phones, laptops, mobile devices, keycards, or software licenses. Have employees sign documentation that they have returned all company equipment, so you both have proof.
- If your organization requires multi-factor authentication, make sure it doesn’t point to an employee’s personal device or email. This prevents the former employee from logging in to systems where MFA is enabled.
- You may want to keep certain accounts active for a while, such as an employee email, to prevent anything they were working on from falling through the cracks.
- Employee email should be preserved per your organization’s email retention policies. If you suspect the possibility of legal action, email may be important documentation.
- Disable their Office 365 or Active Directory (AD) accounts (if appropriate).
- Remove the terminated employee from any generic email distribution lists.
- Remove the employee from phone systems and disable any voicemail passwords.
- Remove the employee from access to any company social media accounts or websites.
- Disable access from all access control security groups so the employee can no longer log in to domains, use a VPN or remote desktop application to access company networks.
- Change or disable passwords on applications. You should start with the most important programs, such as financial applications or customer relationship software.
- Disable access to third-party applications. Don’t forget to check cloud services, such as Dropbox, One Drive, or Google Drive, which can be used to automatically share files. If the employee had a company account for video conferencing, such as Zoom, you’ll need to delete them, too.
- Check the employee’s computer for any other applications or cloud services that might compromise company IT security, such as TeamViewer or LogMeIn.
- If there is any chance that employees shared passwords, you will want to require affected employees to change their passwords, too.
Once an employee is no longer part of your company, you should also make a brief announcement to your current team about the employee termination. Keep any announcement brief and avoid sharing any information about the reasons behind the separation. While it may be tempting to explain the situation, there can be legal repercussions. If you have concerns about what to say, check with your HR department or legal counsel.
Preparing for Employee Termination Is Part of Your IT Security Plan
The best way to prepare is to have a ready plan to manage IT security and plan for employee termination. You should take precautions to secure company information and keep confidential information protected.
This includes actions such as:
- Having a comprehensive security plan to prevent unauthorized access from anyone outside your organization
- Password rotation and/or multi-factor authentication practices
- A formal acceptable use policy
- System backups for business continuity and disaster recovery
If you do not have people on staff that are well-versed in modern IT security protocols, consider hiring someone or outsourcing your IT security. Reach out to the experts at HIG to learn more about the benefits of Managed IT Services or request an IT assessment.