According to Forbes, approximately 2 million Americans leave their jobs every month. Regardless of whether you are in a small business or a Fortune 500 company, there are critically important steps that I.T. administrators should take when an employee leaves. Even if the employee voluntarily left on great terms, it is critical to offboard the employee properly. A recent study found that 89% of employees still had access to their company’s network and data after being let go. If someone can still log in to servers, access confidential data, or even just tweet in the company’s name, they can wreak havoc in ways that reflect very poorly on the company - and on the I.T. staff within the company responsible for network and data security. Insider attacks, including those by terminated employees, can be very costly and damaging. An organization in the U.S. faces an average of 3.8 insider attacks per year. We have put together a checklist of steps that should be completed immediately upon an employee departure.
#1. Disable the employee's user account. Many organizations use Active Directory or something similar. This account should be disabled (not deleted) immediately upon an employee's departure or termination.
#2. Disable or change any other accounts and passwords that the employee may have had access to. Doing this effectively requires having a strong management infrastructure in place to quickly identify these accounts. This also means changing any shared passwords the user may have had access to.
#3. Terminate VPN and review any remote access methods. Double check to ensure there are no backdoors into the network or any other remote access solution that may have been installed.
#4. Forward the employee's email to someone else and ensure the email account was disabled through Step #1 or #2 above.
#5. Change the employee's voice mailbox password and make sure the employee doesn’t have access to use the phone system.
#6. Retrieve or disable all company-owned physical assets. This can include cell phones, laptops, keys, fobs, tokens, ID cards, software, manuals, etc. You should have a list of everything given to an employee.
#7. Change PINs, door codes or locks to disallow physical access to the company premises.
#8. Don’t delete anything off of the employees computer. Instead, make a complete back up and store it for a certain period of time.
#9. Contact any vendors that the employee may have worked with and inform them of the departure so they are aware.
Download Lanspeed's I.T. Checklist for Offboarding Employees to ensure you take the proper actions to protect your company's network and data from former employees.