IT Security Best Practices for Offboarding: Mitigating Risk During an Employee Dismissal
Terminating employees is one of the most unpleasant aspects of managing people. Learn how to properly plan and prepare for a dismissal from an IT standpoint…
You will likely never meet a business owner or supervisor who actually enjoys dismissing an employee. Unfortunately, there are times when it is absolutely necessary. Understandably, being let go can be very emotional. For this reason, a former employee who still has access to a company’s network and proprietary data can present huge security risks. It is important to partner with your IT provider and properly remove the former employee from the network. Here are some tips for managing this very difficult situation:
Early preparation can allow your IT team to preserve critical resources, data, and activity logs in the event the former employee decides to seek retribution by damaging company resources. Have a discussion with your IT provider about creating a termination policy that could include data redundancy and retention policies, which provide some protection should the employee preemptively delete their hard drive.
Communication and Plan:
The best preparation can go awry if all parties are not kept in the loop. Take Twitter as an example: its employees woke up one morning to learn they were laid off because their mobile accounts were disabled prematurely. Maintaining a clear line of communication could have alleviated the risk of escalating an already sensitive situation. Luckily for Twitter, it had not informed employees of the layoffs before coordinating between its HR and IT departments, which would have given disgruntled employees the ability to wreak havoc on its network. What Twitter did lose was control over the outcome and the conditions under which each case would be managed.
It is worth noting that these situations can create hostility. According to the Department of Homeland Security, there has been a dramatic increase in the number of computer network infiltrations by former employees; they pose a significant threat to US businesses due to their authorized access to sensitive information and the networks that businesses rely on.
This is why having a formal dismissal protocol that can alert your IT team to revoke access to the company computer, network, and data is so important. This includes remote access, so that former employees cannot log in from their home or personal mobile devices.
Retrieve Company Property:
Removing access from the network is an important safeguard for your existing infrastructure. However, it is also important to take possession of all company property immediately following dismissal. Retrieving items such as company laptops, mobile devices, access cards, and corporate credit cards is crucial to keeping your property safe. This is also where the value of an established WISP and BYOD plan comes into play, so that any device – either commissioned or employee-owned – can be managed to protect company assets.
All items and revocations should be documented similarly to the process of a new hire – in the event of a legal dispute these records will become vital. In addition to a BYOD plan, your organization should also have a WISP that provides a degree of protection for the employer in case of litigation and sets internal expectations for using devices that access company data.
Dismissing an employee is one of the most difficult tasks you’ll ever have to do, and for most it is a painful responsibility that never gets easier. Fortunately, it is something you do not need to go through alone. With the help of a proper HR professional to guide you through the process, and a clear IT employee dismissal process, you will have the tools to tackle the situation while minimizing risk to your business. For more information on how to develop an internal company policy or learn more about the ways to protect your business, contact us today!