10 things for IT departments to do when an employee leaves their job
It is inevitable that you will have employees come and go throughout the years. Whether the employee has left due to poor performance, the company downsizing, or they are moving on to another job, you must consider the actions needed to happen to ensure once they have left your company data remains secure. Here we discuss a checklist of actions you need to take to ensure IT security remains tight once an employee has left. Regardless of whether there was hostility when the employee left or it was amicable, you can never be too safe when it comes to sensitive information and company secrets.
Once the decision has been made that the employee is leaving (regardless of whether this decision was made by the company or the individual) the HR department should let the IT department know immediately the date the employee is leaving so they can complete the actions on the checklist.
1. Revoke access to their email
This is something that should be done as soon as they have officially stopped working for the company. In many cases, a company often leaves it a few hours or even days before they get around to doing this. Although in most circumstances the employee will not try and access any information once they have finished working for the company, the fact that they would be able to could be a massive security risk for the company. Ensure all permissions and access are removed as soon as possible. Also be aware that if the employee knew they were leaving they could have emailed some information across to another email account prior to them leaving. Check for suspicious behaviour (e.g. a large amount of forwarded emails)
2. Set up auto forward emails
This should happen immediately after you have revoked email access from the individual. Set up an automatic forwarding system so that all emails sent to that employee now get sent to another member of staff. Also set up an automatic reply to send people which says the employee in question no longer works here and state who their new point of contact will be along with their contact details. This ensures a smooth and professional transition.
3. Remove access to all systems and documents
Ensure the member of staff cannot access any of the internal systems and documents.
4. Ensure full handover of their work
Although a lot of companies have a shared drive where people upload their work, some employees may have documents saved in other locations. Although this is difficult to track, ensure you are happy they have passed over all their documents before they leave.
5. Take back any company devices
Ensure any device the member of staff was given (e.g. phone or laptop) is returned before they leave. Complications arise when the company has a BYOD (Bring Your Own Device) Policy. If this is the case, you should have it in your company handbook that you have permission to remove any company information from their device, keeping their individual information untouched. Also ensure they do not have access to log on to the company’s social media accounts from their phone as this is often forgotten about and could have consequences.
6. Change all passwords
Ensure all passwords for any logins the employee had access to is changed as soon as they leave.
7. Change PIN numbers
If the member of staff had access to a company credit card, again ensure the PIN number is changed.
8. Back Up data
This is common practice that should be happening on a regular basis regardless of whether someone is leaving. However, when an employee leaves is a great opportunity to carry this task out.
9. Have a non-compete clause
A lot of companies have trade secrets which cannot afford to get in the hands of competitors. To reduce this risk, you should have a non-competitor clause in their contracts that state they cannot work with competitors for at least a certain amount of time.
10. Monitor employee activity
It is important that you have the ability to detect any suspicious behaviour from employees. If they are planning to leave but haven’t told anyone yet, the employee could have weeks, if not months of time to slowly transfer sensitive information out of the company. This is a worst-case scenario, but you should set it up so you can monitor your employees’ activities online. Ensure you have it stated in your employee handbook that you have the right to monitor their activity. It will need to explain that it is for the safety of both the employees and the company. You need to be upfront about your ability to monitor them so that the rest of the staff don’t feel like they are constantly being watched.
Although in the majority of cases, when an employee leaves you will not have any issues, by having this checklist in place and have a procedure of how to deal with employees leaving, you are ensuring your company is as secure as possible.
ECL recognises that every client is different, and every client has a different IT support requirement. Whatever the size of your business, we can offer a support scenario to suit your needs.
Whether your business already uses Cloud services or you’re considering the Cloud as a possible way forward, talk to us first. We can provide anything from fully hosted IT infrastructures on our own ECL Private Cloud, to simple on-line backups. We can also give expert advice on Office 365 and other Cloud platforms.
How would losing access to your IT systems and data for days, or even weeks, affect your business? For many if not most companies this would be a nightmare scenario, with potentially very serious consequences.