30 May
WHAT DOES IT MEAN FOR YOUR CYBER SECURITY WHEN AN EMPLOYEE LEAVES?
What steps should your company take when an employee leaves? Here’s a checklist to see departing employees out the door, securely.
Employee turnover is a natural part of the life cycle of any company. With each departure, whether of an entry-level or a management employee, your organisation needs to have a comprehensive process in place to handle that exit in such a way that company information and cyber security remain uncompromised.
In short, once the door has closed – it needs to stay closed, so here’s an employee departure checklist to see them out the door, securely:
1. Conduct an exit interview
Once an employee has tendered their resignation, you need to make time for them to sit down with their manager and the IT team. This exit interview must be used to:
- Review document retention requirements including the process for saving electronic and print documents. (This ensures that important documents can still be located and retrieved after they’ve left.)
- Discuss any company devices that need to be returned. (This ensures that company devices don’t leave ‘accidentally’.)
- Review any company-related accounts they have access to – social media accounts, software subscriptions, email accounts etc. (This ensures that these accounts can be properly handed over.)
- Review access to credit cards, including related online reconciliation accounts. (This ensures unauthorised use is prevented.)
- Identify how they can be reached if the company needs to get in contact after their last day.
2. Retrieve company devices
It’s important to maintain an inventory of all equipment and devices that have been distributed to employees – this can include any laptops, phones, tablets, navigation systems, cameras, cables and peripherals.
You must request that the employee returns any equipment that was issued to them before their departure. This includes any backup devices like flash drives, CDs and external hard drives. Far too many data breaches are the result of a stolen or lost device, so take care to mitigate this risk by identifying and collecting all devices.
3. Deactivate company email addresses and remote access accounts
Email accounts and all computer network accounts for this user should be deactivated on the day of departure to prevent the ex-employee from accessing company information after they’ve left the building. To ensure continued communications with external clients, it’s a good idea to implement a process to allow ex-employee emails to be forwarded to their supervisor.
4. Change ALL the passwords
All accounts linked to the employee should have been reviewed in the exit interview. These important accounts will need to be properly handed over by the employee to their replacement or supervisor. Once they’re gone, you need to update the passwords for any accounts they had access to. This includes changing the PINs or passwords to any corporate credit cards or financial accounts.
5. Collect all company-related keys, pass-cards, and ID tags
On their last day, you need to make sure that the employee hands back any items used to gain access to the building/parking. It’s advisable to let the security team know when the employee’s last day is, just to ensure that security knows they’re cutting ties with the company. If that employee has any access codes to computer-based building security systems, these will need to be changed and new codes will have to be distributed to the necessary staff.
Conclusion: Trust No One
It’s a sad reality – total trust in an employee’s honesty is not something any employer can afford to bank on. Given that theft of company information can lead to massive financial loss, coupled with the fact that most cyber security breaches occur with inside help – it’s clear that companies need to take precautionary steps when employees leave. Putting these key steps into practice will help prevent incidents of deliberate sabotage to company data (i.e. destruction, alteration or removal of business information) and will help keep the door shut once the employee has left the building.