The IT department has a lot to worry about these days. From the weighing demands of the CIO in light of digital transformation, to preparing for IT outages during times of disaster, not a day goes by without a new challenge to tackle. Some concerns that are always top of mind for IT are the issues surrounding cyber security such as mitigating data breaches and tightening up vulnerabilities. And while IT security may be focused on implementing encryption, fighting off ransomware, and other malicious threats, it may come as a surprise that one of the biggest threats can come from directly inside the organization. I’m referring to the vulnerabilities associated with an exiting employee.
Employee offboarding can be a tricky obstacle that many organizations struggle with. This is especially true when it comes to IT. According to TEK Systems, “only 14 percent of IT leaders strongly agree their organization has an effective offboarding process, and at the end of the contract, only 6 percent of IT leaders report that they conduct a formal offboarding process where knowledge and experiences are transitioned from contingent workers to internal staff.” These statistics are alarming as recently terminated employees can pose serious security risks to the organization.
What Should You Do?
It’s critical that IT works closely with management and HR to address the concerns tied to an exiting employee’s access to network login credentials and sensitive corporate data. And for industries beholden to federal regulatory compliance requirements such as healthcare and finance, organizations may even face legal scrutiny if the employee offboarding process is not managed properly. Maintaining strong IT security best practices is very important.
With those issues in mind, what can organizations do to reduce risk when employees leave the company? What steps can IT take to make sure that corporate data stays secure and that all permissions to company accounts and system logins are appropriately transitioned over to management?
Take Preemptive Measures
In order to avoid the worst, IT should be looped in directly with HR to adopt procedures for how to handle ex-employee permissions. For starters, this means keeping meticulous logs and documentation that tracks who is has access to what regarding system logins, network permissions, equipment usage, etc. Next, it’s extremely important that both management and IT are immediately notified of when an employee is planning to exit the company. From there, have a plan of action for situations where an employee is suddenly terminated without notice.
Here are some other proactive steps your company can take to help reduce risk from an exiting employee:
- Set in place policies and procedures about who should be notified when employment is ending with clear orders for who in management should be held accountable
- Designate an IT-focused role that prioritizes information security who properly revokes access to accounts, changes passwords, and carefully documents all pertinent employee data
- Have an immediate plan of action for recovering any equipment, ID badges, remote login credentials and other accounts associated with the exiting employee
Treat the loss or termination of an employee as a high priority item that IT must deal with in order to meet the security mandates you’ve put into place. Make no delays taking action the moment you know an employee is leaving the company. The consequences may otherwise be devastating.
Have anything to add regarding the IT procedures involved in offboarding an employee? Let us know in the comments below!