Introduction

It’s never easy to let a member of your organization go. Employee departures, whether voluntary or involuntary, can pose serious cybersecurity risks to organizations. Failing to promptly address these risks can lead to data breaches, unauthorized access, and potential harm to the company's reputation. In this blog post, we will outline crucial cybersecurity considerations to keep in mind when an employee leaves your organization, along with five additional suggestions to enhance your security measures.

Considerations

Timing is Key

When an employee departs, timing is crucial to prevent unauthorized use of their account - either by the departed employee, or by a hacker taking advantage of their now-unused account. Begin by revoking their access to your productivity suite (e.g. Google Workspace or M365). Next, move to revoking access to accounts on other critical services and then your non-critical applications. If you have an IT inventory, the process of ensuring you remove all access is fairly straightforward. If you don’t already have one, now is a good time to make one. Download our free inventory template and check out this video that walks you through the process of filling it out. 

Remote Wipe of Devices

To ensure sensitive information remains protected, use your organization’s device management tool to remotely wipe the employee's computer. If you don’t have this capability, you’ll want to ask the former employee to ship the laptop so it can be wiped. Depending on circumstances and if the separation is involuntary, you may run the risk of data or device loss if the former employee is not cooperative.

Communicate with the Employee

Notify the departing employee about their separation and ensure that they have added their personal email address to your organization’s payroll, benefits, and retirement services. This will ensure they can retain access to paycheck information, benefits, and other relevant details after their organizational email address is turned off.

Communicate with the Remaining Staff

Keeping the rest of the staff informed about the employee's departure is essential to maintain transparency and prevent potential issues. Encourage open communication and address any questions or concerns they may have. Promptly inform employees that they should not share any files or data with the separated employee and to notify you if the former employee reaches out to them about access to files or data.

Monitor File Storage

Continuously monitor file storage systems, such as SharePoint, OneDrive, and Google Drive, to track any downloads or unauthorized access by the departed employee. Even after account access is revoked, they may still have access to file storage for a limited amount of time through other devices they own. Be vigilant and identify any unusual activity promptly.

Forward Emails and Configure Auto-Replies

Set up email forwarding from the ex-employee's account to a designated team member to ensure important emails are not missed. Configure an auto-reply stating that the employee has left the organization and provide alternative contact information for a current employee at your organization. Maintain this forwarding and auto-reply setup for around 90 days.

Update Passwords and Authentication

Many organizations share accounts for one reason or another. It’s not a best practice, but if this is the case, ensure that you change all shared passwords in use at your organization to avoid unauthorized access by the separated employee. All shared passwords must be changed unless your organization is able to technically (not anecdotally) validate that the departed employee only had access to a subset of shared passwords.

Conclusion

Properly managing the departure of an employee is crucial for maintaining cybersecurity within an organization. By following these essential considerations and implementing additional suggestions, organizations can mitigate the risk of data breaches, unauthorized access, and other potential security threats. Timely actions and clear communication play a vital role in safeguarding sensitive information and protecting the organization's overall cybersecurity posture. Have questions about employee separation best practices? Want to learn more about how to automate many of the items mentioned above? Set up a consultation with us here.