Tom Shanley, SVP of Technology Services for SmartSource
Employee offboarding can be a challenge for many businesses, whether voluntary or not. With talk of the ‘Great Resignation’ continuing, now is the time to put plans into action to safeguard company data.
In the past, voluntary departures or forced terminations were handled by an employee’s direct manager and the HR department and rarely included IT. Today, however, business owners must account for the technical offboarding of employees to safeguard company data and prevent future access.
IT and HR departments must align the employee offboarding processes and policies with negating the risks associated with potentially malicious behavior post-termination. While commonplace for employees to receive an overview of their lapsing financial and medical benefits, revoking access to internal and external systems is often an afterthought.
Documenting every folder, application, and website an employee uses for their job is critical. This action alone helps mitigate unwarranted access at the time of termination if a simple checklist is followed. Typically, it is best to have your IT team follow your internal offboarding policy while management and HR conduct the termination. As a result, when the employee exits the building, they’re also exiting your network.
Businesses can also take advantage of Identity and Access Management applications to more easily offboard employees and control access across internal and web-based systems. For example, your business likely has data on file servers and various websites that your employees access every day. Identity and Access Management applications allow you to create a single user account for everything an employee needs to access. When an employee exits the business, canceling this single account revokes their access to all of your systems simultaneously.
Management and IT spend a lot of time discussing their network security and remediating any potential vulnerabilities that may exist within the network. The same focus should be given when protecting the business from internal sources, namely employees, who may be able to access the network and various web-based services.
Set policies and procedures that align management, HR, and IT with mitigating threats from exiting employees. You’ll be glad you did.