Today's digital workplace is covered by footprints. Employees begin making a digital imprint the moment they're hired. Instantly they'll get a company email address and application logins. They may even update their LinkedIn page to connect to your company.
When the time unfortunately comes for an employee to leave, there is a process that needs to take place to protect the company. This is the process of “decoupling” the employee from the company’s technology assets. This digital offboarding is vital to cybersecurity.
Offboarding is put in place to avoid situations such as a former employee maliciously emailing all your customers from their work email, or sensitive files left on a former staffer’s computer leaking months later.
20% of surveyed businesses have experienced a data breach that was connected to a former employee.
Digital offboarding means revoking privileges to company data, and much more. This is a critical process to go through for each former staff member to reduce the risk to the company.
Below, we’ve provided a handy checklist to help you cover all your bases.
Your Digital Offboarding Checklist
Knowledge Transfer
A lot of corporate knowledge can disappear when a person leaves an organisation. Capturing that knowledge before it is lost is a hugely beneficial part of the digital offboarding process.
This could be something as simple as what social media app someone used for company posts. Or it could be a productivity tip, such as the best way to enter the sales data into the CRM.
Make sure to do a knowledge download with an employee during the exit interview. Better yet, have all staff regularly document procedures and workflows. This makes the knowledge of that team member available if they are not there to perform those tasks.
Address Social Media Connections to the Company
Address any social media connections to the former employee.
Is their personal Facebook user account an admin for your company's Facebook page?
Do they post on your corporate LinkedIn page?
Identify All Apps & Logins the Person Has Been Using for Work
Hopefully, your HR or IT department will have a list of all the apps and website logins that an employee has. But you shouldn't assume this. Employees often use unauthorised cloud apps to do their work. Often, this is done without realising the security consequences.
Make sure you know of any apps that the employee may have used for business activities. You will need to address these. Either change the login if you plan to continue using them, or close them altogether after exporting company data.
At Kixup Repairs and Kixup IT we keep all secure information such as login details in a software manager called Keeper. We can share login details to other team members so they can use them. What's great is that the sharer can select an option that doesn't allow the receiver to see the password details. You can also revoke access to this at any time.
Here's an example of a real-world scenario. Our marketing manager needed access to another piece of software to remotely access our in-store display ads to update the creative assets. I shared the login details via Keeper. They were then able to go in instantly and do what they needed to do. This meant that a change within the business was done safely and quickly. If I feel like they no longer need access to those logins, I can revoke their access.
Change Email Password
Changing the employee’s email password should be one of the first things you do. This prevents the former employee from getting company information. It also keeps them from emailing as a representative of the company, which, believe me, can be damaging.
Accounts are typically not closed immediately because emails need to be stored. That's why you should change the password ASAP to ensure the employee no longer has access.
Change Employee Passwords for Cloud Business Apps
Change all other app passwords. Remember that people often access business apps on personal devices. So, just because they can’t access their work computer any longer, doesn’t mean they can’t access their old accounts.
While we make a habit of using Keeper, changing passwords can be vital in situations where, for example, employees are using their personal phones for work purposes.
Changing the passwords locks them out no matter what device they are using. You can even simplify the process with a single sign-on solution.
Recover Any Company Devices
Make sure to recover any company-owned devices from the employee’s home. Remote employees are often issued equipment to use.
You should do this as soon as possible to avoid loss of the equipment. While we hope the employment didn't end on bad terms and they still have respect for the business, it's not wholly uncommon for people who no longer work for a company to sell, give away, or trash devices.
Recover Data on Employee Personal Devices
Many companies use a bring your own device (BYOD) policy. It will ultimately save money, but the trade-off is that it can make offboarding more difficult.
You need to ensure you’ve captured all company data on those devices. If you don’t already have a backup policy in place for this, now is a good time to create one.
Transfer Data Ownership & Close Employee Accounts
Don’t keep old employee cloud accounts open permanently. Choose a user account to transfer their data to, and then close the account. Leaving unused employee accounts open is an invitation to a hacker.
When no one monitors the account, breaches can happen easily. A criminal could gain access and steal data for months unnoticed.
Revoke Access by Employee’s Devices to Your Apps and Network
Using an endpoint device management system, you can easily remove device access. Simply remove the former employee’s device from any approved device list in your system. This is a simple, yet often forgotten step.
Change Any Building Digital Passcodes
Don’t forget about physical access to your building. If you have any digital gate or door passcodes, be sure to change these so the person can no longer gain access.
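The account and device steps in this checklist can be verified after the fact by comparing a list of leavers against your account and device records. The Python sketch below is an added example, not part of the original article and not Kixup or Keeper tooling; the record layout, field names and sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data. Field names are assumptions, not a real export format.
LEAVERS = {"jsmith": date(2024, 3, 1), "mlee": date(2024, 4, 15)}  # user -> exit date
ACCOUNTS = [
    {"user": "jsmith", "app": "email", "enabled": True, "owner": "manager",
     "pw_changed": date(2024, 3, 1), "last_login": date(2024, 2, 28)},
    {"user": "jsmith", "app": "crm", "enabled": True, "owner": "jsmith",
     "pw_changed": date(2023, 11, 2), "last_login": date(2024, 3, 9)},
    {"user": "mlee", "app": "file-share", "enabled": False, "owner": "mlee",
     "pw_changed": date(2024, 1, 10), "last_login": date(2024, 4, 14)},
    {"user": "akhan", "app": "email", "enabled": True, "owner": "akhan",
     "pw_changed": date(2023, 6, 5), "last_login": date(2024, 4, 20)},
]
APPROVED_DEVICES = [
    {"device": "JS-PHONE", "user": "jsmith"},
    {"device": "AK-LAPTOP", "user": "akhan"},
]


def audit_offboarding(leavers, accounts, devices):
    """Return (user, item, problem) tuples for unfinished offboarding steps."""
    findings = []
    for acct in accounts:
        exit_day = leavers.get(acct["user"])
        if exit_day is None:
            continue  # current staff: out of scope
        who = (acct["user"], acct["app"])
        # An open account must have had its password changed on or after exit.
        if acct["enabled"] and acct["pw_changed"] < exit_day:
            findings.append(who + ("password not changed since exit",))
        # Any sign-in after the exit date needs investigating, open or closed.
        if acct["last_login"] and acct["last_login"] > exit_day:
            findings.append(who + ("sign-in after exit date",))
        # Data still owned by the leaver has not been transferred.
        if acct["owner"] == acct["user"]:
            findings.append(who + ("data ownership not transferred",))
    for dev in devices:
        if dev["user"] in leavers:
            findings.append((dev["user"], dev["device"], "device still approved"))
    return findings


if __name__ == "__main__":
    for finding in audit_offboarding(LEAVERS, ACCOUNTS, APPROVED_DEVICES):
        print(" | ".join(finding))
```

Run on a schedule, a check like this catches the accounts nobody is monitoring before they sit open for months.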
Need Help Reducing Offboarding Security Risk?
When you proactively address digital offboarding, the process is easier and less risky. We're the experts in Queensland with offices in Mount Isa and Gladstone. Contact us today for a free consultation to enhance your cybersecurity.