Security Best Practices When an Employee Leaves a Company

Employee turnover is a fact of life. When an employee leaves, there are cybersecurity measures we recommend following. Whether the separation with the departing employee was amiable or not, it is best to ensure the safety of your company data.  

In fact, up to 25% of the data a precious employee can access is sensitive data. Having a process in place can prevent accidental or planned data breaches. Use these best practices to maintain cybersecurity in your company after an employee leaves: 

Reset Passwords

The first step to prevent data breaches is to disable a departing employee’s password. Blocking their user sign-in can take some time, which is why disabling their password will set up the first line of defense. A manager with an admin account can change the password until you can disable the user login later.

You can generate a password or change it to anything, as long as access is revoked when the employee leaves. This way, any company data or networks are protected from being tampered with or deleted.

Don’t forget to remove any password recovery option too, so that the departing employee cannot use another device or email address to access their changed password.

Disable Company Emails

After  changing passwords, disable any company emails when your employee leaves. The company email is most likely the key they use to access not only company communications, but also shared clouds or shared app accounts. By disabling their email, you are making sure that they cannot log in to all of the accounts where private project data may be stored. 

Numerous cyberattacks are attributed to unauthorized email use. Blocking access prevents any ex-employee from engaging in phishing scams or malware uploads. You can also consider implementing an email protection solution, which can use filters and threat management as another layer to safeguard your company.  

Block Access to Shared Accounts

About 40% of former employees have logged into a company account after parting ways with an employer. Shared accounts within the company do facilitate project completion while team members work together. When a team member leaves, however, to avoid risks or time-consuming setup of new accounts, it’s best to block a departing employee’s access. 

Shared accounts may include project calendars, cloud services, messaging apps, etc. To protect yourself from any data breaches, it’s best to have an inventory of these accounts and immediately change passwords when an employee leaves.  

One way to achieve this is by ensuring your IT team can monitor suspicious activities, so that other teams don’t have to worry about data losses.

Related: Impact Network Control: Remote Monitoring and Management (RMM)

Audit Company Devices

Device audits entail checking files, defragmenting hard drives, and other tasks to ensure devices are working properly. If the device belongs to the company, performing an audit is necessary to remove any malware an employee may have accidentally or intentionally left. You can also perform audits on devices such as memory sticks, so that any important company data is not endangered.  

Company devices may become vulnerable inadvertently through their lifetime, so we recommend having regular updates and audits whether employees continue their relationship with you or not. This safe practice will ensure another layer of protection for your network and shared systems. 

Protect Physical Layers

Preventing unwanted access to a company’s physical facilities is another important safety practice when offboarding employees. Key cards, physical keys, and any other devices that grant entrance to a facility must be collected so any information is not compromised. Companies that ensure their cloud systems are protected while they grant access to physical premises remain vulnerable. 

If the termination was completed in unfriendly terms, this step is essential. In this case, a former employee could erase data valuable to your organization, compromise systems, or steal sensitive data.  

Related: What Should You Expect In Your Cybersecurity Tech Stack? 

Conduct a Departure Interview

A final step to reinforce security is to conduct an offboarding interview. During this interview, you can ask the employee to sign any disclosure agreements, if that was not a part of onboarding. This way, they will relinquish access to your company data. You can also collect any company devices during the interview, so that they can be audited and wiped.  

Another benefit of conducting an interview when an employee leaves is to assess if they are dissatisfied or if they mention future plans involving the use of company data. That way you can inform your IT team so they can perform needed extra monitoring or safeguarding.  

Bottom Line

A company will undergo employee migration at any point. Although this is inevitable, increased risk to intellectual property or valuable data is preventable. Following the steps above, you can protect yourself and avoid any monetary, informational, and time losses caused by leaked private information. Don’t forget to implement these steps when an employee leaves your company for peace of mind.

If you’d like to continue learning about the best cybersecurity practices for your business and how to implement a layered strategy to stay secure, download our eBook, What Makes a Good Cybersecurity Defense for a Modern SMB?