When an employee leaves your small business, there are a few things you must check to keep your business from having cyber issues.
When an employee leaves, you must disable or delete their log-in accounts on your computers and remove that employee’s access to any other company “owned” online accounts and local physical areas. This may include changing shared access to company resources, for example changing the combination of a shared company safe every time an employee leaves.
This decreases the chance of that employee coming back and maliciously disrupting your business, IT-wise. It also lowers the footprint your business presents to a cyber criminal by making old accounts less accessible.
Employee Off-boarding Risk Assessment
Think about disabling the terminated employee’s:
- company credit card
- access to your company bank accounts and/or purchasing accounts
- access to shared company resources like safes (change out safe combos) or other protected areas
- local and remote access to their computer account(s)
- and of course access to their old office. This might mean you will need to change out the locks on certain doors, especially if you suspect they have copies of the keys, etc.
If a former employee needs to get some of their belongings back after leaving the business, we recommend that you escort them to their belongings or provide an escort for them.
A small business employee leaving your site without a proper off-boarding procedure or policy can certainly leave holes in your security. For example, leaving a former employee's computer account in place increases the footprint that a cyber criminal can exploit, and we don’t need any more of that. An unused or old account can be ideal to use when breaking into computer networks or systems. A disgruntled employee may also find their still-working old accounts very useful.
Please add the deletion of terminated employees' accounts and the modification of shared resource access to your employee off-boarding policy. Everything we’ve stated here is a minimal standard off-boarding procedure for most US Government and Military organizations that handle sensitive data (which, yes, can translate into a lot of work for large organizations, but it must be done for security’s sake). Why not handle access to your data in this simple manner?