Typically, when an employee leaves the company, the HR department is quick to grab the employee’s laptop. But what about the data on other equipment? How can the organization know what’s on the employee’s mobile devices? Does anyone know to which websites and cloud-based software the employee has access? Here’s how IT (working with HR) can help ensure the company’s data doesn’t walk out the front door.
Disable employee access ASAP
Employees who leave should have their passwords revoked immediately upon their departure, ideally on their last day of employment. Taking any longer to secure this step could end of costing the company if the employees later accesses the information to either steal or destroy it. Additionally, because of the prevalence of password sharing in today’s organizations, it may also make sense to force a company-wide password change on a regular interval, including the day access is revoked from an employee.
Maintain information on employee access
Typically access rights are numerous since information is usually stored in a variety of security levels and locations across the network. For the sake of protecting your company’s information, maintain a document that lists each employee’s access to the company’s information systems. The company is then in a position to disable all of the access rights, limiting the error of leaving any access codes untouched. Having a manager make sure that all access rights are disabled with a checklist that must be signed for confirmation is another measure to take to guarantee safekeeping of proprietary information.
Conduct exit interviews
Businesses that did not possess the foresight to have employees sign a non-compete or non-disclosure agreement in the initial employment stages should conduct exit interviews to remind the employees that company information is confidential and should not be revealed to an outsider.
Additional tips to remember
- Removing the person’s name from all security posts, email distribution groups
- Inform key personnel, especially those responsible for the physical security of the organization, that the individual is leaving the company and when.
- Retrieve any key code access cards, close and disable employee accounts and email accounts, keys or other access items.
- Inform other staff members including external parties that employee is no longer employed. This is critical for high-level employees.
- Monitor all systems accessed by the employee from the day of resignation to ensure that no data is copied from the network. Provide temporary access until the employee’s last day and then disable those accounts and permissions.