What IT Measures to Take When Someone Leaves the Company

They say a chain is only as strong as its weakest link and that principle could not hold more true with respect to IT security. Many companies spend vast sums of money on IT security: firewalls, intrusion detection, SIEM logging and alerting … the list goes on.

But it may surprise you to learn many companies overlook some of the most basic security hygiene – good old, simple business process and that’s why developing a security policy relating to employment transition is absolutely essential for every business. Below are a few suggestions to get you started:

  1. Prior to the employee’s departure, consider an exit interview. This is usually a good opportunity to gently remind the employee of their confidentiality obligations as per the employment contract, but do follow up with this in writing.
  2. Recover all physical company property: keys, building access passes, parking passes, company credit cards, laptop, chargers, docking stations, headsets, identity (RSA style) tokens, and mobile phones are the obvious ones that come to mind. Be sure to update the asset register.  You should also consider recovering things like company branded clothing too – these could be used to allow a former employee to socially engineer their way back into the building or client site.
  3. Be sure to notify other staff members quickly: there is no point taking away someone’s access pass if they can tailgate another employee into the building. You should also notify clients and suppliers too, providing new contacts for them to engage with.
  4. Revoke digital access. Disable the employee’s domain account and other system accounts which the user had access to. Reset all passwords the employee may have had access to, especially social and financial platforms. It helps if your company makes use of role-based user provisioning. Leverage your ITSM toolset to cover off any systems that employee has requested access to in the past.
  5. Consider granting the employee’s line manager permission to the departing staff member’s mailbox for access to historic emails. Redirect all new mail to the line manager. Archive / delete the mailbox after a sensible period (e.g. 90 days).
  6. Consider diverting phone numbers to the line manager for a period too.
  7. Assess the user’s local machine for data. If found, move to a network share. Grant permissions to the employee’s line manager to access. Make an image of the employee’s computer and then re-image for re-use. Delete after a sensible period (e.g. 90 days).

So, what steps should you be taking now to minimise the impact?

  • Verify all staff are subject to confidentiality clauses, if not put in place
  • Develop a security policy related to employment transition, tailoring ideas like the above to your business
  • Develop a data retention policy defining how long to keep different types of data
  • Develop a checklist to follow when staff exit, removing the guess work
  • Leverage single-sign-on as much as possible to minimise the number of accounts to track
  • Implement multi-factor authentication wherever possible to get rid of the backdoors
  • Use named accounts for administration instead of staff sharing passwords to generic ones
  • Implement data loss prevention technologies to restrict the movement of company data

If you have any questions about any of the above, or need help designing your own employee transition processes, please get in touch with us here.

If you’re looking for consultancy services to help design your own IT business processes, contact Starboard IT to find out what we can do for you.