Employees will join and leave your company on a regular basis. When they’re no longer part of your team though, it’s important to remove the access to your IT system which they used to enjoy.
Of course, hopefully none of your former employees want to sneak back into your system for nefarious purposes.
But laptops can be lost. Favourite passwords can be stolen and used to access other accounts.
Protecting your business from ex-employees is about more than whether they left on the best of terms. It’s about making sure that you are protected against any possible data breach, accidental or deliberate.
Here’s how you do it:
Having a set offboarding process in place helps you guarantee nothing gets missed whenever anyone leaves your company.
When you’re designing your process, this list is a solid place to start.
Devices which were issued to that employee should be retrieved. Don’t forget:
Removing any company data stored on personal devices – probably using an MDM (Mobile Device Management) system – should also be part of this step.
This is vital for every employee leaving your company. It’s particularly important if they were the point of contact for certain clients.
Make sure all emails intended for your former team member are forwarded to the person taking over those responsibilities.
You should also reach out to clients to ensure they know who their new point of contact is.
As soon as that employee walks out of the door for the final time, they no longer need their company logons. Update and revoke their access to all of your internal systems. This will include things like:
It’s worth bearing in mind that information stored on the cloud is much easier to control than information stored locally. This makes it simple to revoke access when a team member leaves.
Most organisations store documents in shared company folders or cloud-based business tools.
This is good practice. It also means that all you need to do to ensure continuity is to make sure current employees are aware of the current status and location of projects.
If you allow employees to routinely store their files on personal devices, it should be standard practice to retrieve those files and have your former employee delete their copy when they leave.
Not strictly in the IT field, but related to it, are things like:
With the right monitoring in place, your IT system will detect and prevent large data transfers to external sources – something you want to be safeguarding against as a matter of course.
You can even remain in control of data on company phones and other devices, remotely managing and even deleting it if necessary.
Steps like this are a good way to prepare yourself for all kinds of cyber security threats.
It is important to remember that none of this is to imply that every former employee is going to be running around wildly trying to steal your information.
But by neatly drawing a line under their exit and preventing the tiny slips which can lead to major data breaches, you are protecting your business from even the most well-meaning of ex-employees.
Do you have a strategy in place to protect your business when an employee leaves?
Let’s talk about creating one. At Dial A Geek we consult with businesses in Bristol and across the country on every aspect of IT security. 968 SMEs trust us to keep them going!
Give us a call on 0117 369 4335 or email [email protected]
You can also sign up to our regular newsletter if you’d like to receive regular helpful resources, such as guides and videos.