No one wants to go through the stress of firing anyone, but sometimes you need to let one of your IT techs go. This can leave your company wide open for data breaches. Before starting the off-boarding process of an employee who has access to your entire computer network, having a proper procedure in place can help protect your data. Use these six tips to create a process you can use to safeguard your company’s private information when severing ties with a member of your IT team.
Tips to Terminate an IT Employee Without Risking Your Company’s Information Security
Eliminate the employee’s company network access. It is perhaps obvious fired employees should no longer have access to company computers, but a recent study found that surprisingly almost 9 out of 10 former employees’ credentials were still active for some time following termination. Your business can prevent potential issues by disabling, but not deleting a person’s business account and passwords before firing. You should pay particular attention to blocking any applications which allowed the employee to access your company data remotely.
Prevent access to third-party applications. Access to third-party software connected with your company can be more difficult to contain than access to in-house computer systems. If your former IT employee had access to third-party applications such as Dropbox, Outlook, Sharepoint, Trello, or Facebook, remove the person’s access immediately. This is where the importance of good record keeping is beneficial. Remember to leave your former employee’s email accounts and cell phone number open for a time, but forward emails and incoming calls to another member of your staff to maintain seamless communication.
Recover company-owned property. Before the former employee leaves your premise, take back the person’s company ID, access cards, keys, fobs, cell phones, laptop computers, and any manuals. Your HR department should always maintain a list of anything you give your employees to make it as easy as possible to verify the person returns everything.
Back up the former employee’s work computer. In the rare event that a former employee misuses your company’s data, it is essential for you to have a record of everything the person had access to while employed. Before reformatting the terminated employee’s computer or company cell phone, make a complete backup of the data and maintain the information for a few years just in case the worst-case scenario occurs.
Inform people that the person no longer works for your company. Make sure that all of your employees know that the person left the company and that their former coworker should not be in the office at any time. Ask your employees not to discuss company information with the person in the future. Contact any vendors which the former employee did business with and give them a heads up in case the person tries to contact your vendors for any reason.
Change access codes and locks for your most sensitive areas. If the terminated employee was able to access highly restricted areas in your company, replace locks and create new PINs and door codes. Look into the possibility of upgrading your security to use biometric or individual passcodes to make the process as easy as possible.
In a survey by Osterman Research, Inc., over 75 percent of former employees who retained credentials admitted to at least logging into company computers. Hopefully, your former employee is the rare exception, but the risk is far too significant to do nothing.