Did you know that 20% of surveyed businesses have experienced a data breach connected to a former employee?
Taking away a former employee’s access to company information and more is crucial as part of the offboarding process. Doing so minimises risk. Below, we’ve provided a handy checklist to help you cover all your bases.
Your Employee Offboarding Checklist
Knowledge Transfer
When an employee leaves an organization, vast corporate knowledge can disappear. It’s essential to capture this during your offboarding process. This could be as simple as what social media app someone used for company posts. Or it may be productivity leveraging. Such as the best way to enter the sales data into the CRM.
To avoid losing knowledge when an employee leaves, have that employee document procedures and workflows during their exit interview. Even better, make it a habit for all staff to document these things regularly. That way, the information is available even if the person who handles those tasks is no longer there.
Address Social Media Connections to the Company
If the former employee was connected to your company on social media, take measures to address that. For example, is their personal Facebook account an admin for your company’s page? Do they post anything on your corporate LinkedIn page?
Identify All Apps & Logins the Person Has Been Using for Work
A list of an employee’s apps and website logins is usually available from the HR or IT department. However, employees may still use unauthorized cloud apps for work, often overlooking security consequences.
Awareness of any apps the employee may have used for professional activities is crucial. You will need to discuss these with the employee. Either change the login if you plan to continue using them, or you may want to close them entirely after exporting company data.
Change Email Password
Changing the employee’s email password should be one of your priorities. This keeps a former employee from getting company information. It also keeps them from emailing as a representative of the company. Accounts are typically not closed immediately because emails need to be stored. But it would be best if you changed the password to ensure the employee no longer has access.
Change Employee Passwords for all Business Apps
Change all other app passwords. Remember that people often access business apps on personal devices. So, just because they can’t access their work computer any longer doesn’t mean they can’t access their old accounts.
Changing the passwords locks them out no matter what device they are using. You can simplify the process with a single sign-on solution.
Recover Any Company Devices
Be sure to collect any company-owned devices from employees. Don’t forget; often, remote employees are given equipment to use for work purposes. Do this as soon as an employee leaves to prevent losing the equipment.
Recover Data on Employee Personal Devices
A bring your own device (BYOD) policy is when an employee uses their own personal device for work purposes. Many companies choose this route because it’s more affordable. However, it can complicate the process. You must have all company data backed up on those devices. If you don’t already have a backup policy, now would be an excellent time to create one.
Transfer Data Ownership & Close Employee Accounts
Once an employee leaves the company, don’t keep their account open indefinitely. Have someone transfer their data to another user account and close the old one. Unused funds left open can be hacked into much easier since there is no monitoring of them happening. If you’re not careful, someone could gain access and steal data for months without anyone noticing.
Revoke Access by Employee’s Devices to Your Apps and Network
Endpoint device management systems make it easy to revoke access from devices. To do this, remove the employee’s device from any approved lists in your system.
Change Any Building/Property Access Codes
Don’t forget to change your physical access codes, like a digital gate or door passcodes, so the person can no longer enter your building. Revoke access to any access cards even if it has been returned.
Need Help Reducing Your Employee Offboarding Security Risk?
When you proactively manage and review employee offboarding, the process is much easier and greatly reduces risk when things change over time. Contact us today for a free consultation to enhance your cybersecurity.
