Employees leaving a firm is a natural part of business. Many that leave their current employment do so on good terms. However, not managing their exit from the business properly, especially when it comes to identity and access management, can leave your business vulnerable and put your data privacy at risk.
A client recently approached us, at Chalkline, asking for advice on what should be considered when a member of staff leaves their organisation. They wanted to create a checklist to ensure they had removed all access from that employee, to prevent sensitive data being reached by those that have left an organisation.
On the surface, this seems like such a simple question deserving of a straight-forward answer. When you start to dig a little bit deeper, it becomes apparent just how many things need to be taken care of once an employee has left. This could be anything from code access to the building, to social media passwords.
So, what's the process when someone leaves?
We have put together a checklist of key areas to consider. There may be additional points, depending on what is in use or what level of access the employee had, and of course some of these may not be relevant in every business. In our opinion though, it’s a good starting point.
- Return any corporate owned devices
- Notify relevant teams
- Wipe any corporate data from personal devices
- Reset account passwords
- Force sign out of business accounts
- Block any building access
- Block from WiFi access (or change WiFi passwords)
- Remove/change any code access they may have
- Remove any accounts they have access to i.e. social media, supplier accounts etc.
- Return business cards
- Change LinkedIn job status (although this cannot be forced)
- Remove phone number diverts
Better safe than sorry
Some of these steps may seem dramatic but when you consider that one third of ex-employees can still access company data and systems, the importance of technical offboarding of employees becomes apparent. If you would like any help or guidance when it comes to dealing with access management in any capacity you can contact a member of our team today to discuss this further.