![]() ![]() Protecting the employee's dignity by limiting exposure only where necessary will not go unnoticed in the rest of your organization. While company systems should only ever be used for company business, we know human nature pulls some people in the opposite direction. To protect both the company's and the employee's dignity, the best way to approach this is to forward email only to the direct manager of the employee who just left the firm. Never forward email to an external email address and be very wary of forwarding email internally to the employee's replacement, if there is one. Don't forget other commonly overlooked applications such as Dropbox, which can be configured to sync data to a personal home machine. Start with the business-critical applications first, such as CRMs and Financial applications. Change and disable application-level passwords and accounts.This is an additional step that helps reduce any chance of re-entry into your systems. This helps ensure any group-based permissions are removed and minimize future reminders to other employees about the termination. Remove the employee from all access to AD and/or 365 groups and memberships, as well as phone systems account, social media accounts, etc.This may seem redundant, but in the heat of employee termination, taking these two steps together greatly increases the chances that at least one of them gets done if the other one is missed. Change the employee's password and disable their Active Directory (AD) and/or 365 user account(s).This is by far the fastest and most effective step you can take during an employee termination procedure. Having MFA enabled on as many systems as possible allows you to shut down access to all of those systems in a single action. If you haven't, make MFA implementation a priority in your project list, starting today. Disable MFA (multi-factor authentication) – This should be the very first step, assuming your organization has already implemented MFA across the organization.Checklist prior to the termination meeting: You may also want to ask them for further advice to be as thorough as possible. Once you're in the termination meeting, make sure your IT department has instructions such as the following, at a minimum. Above all, you need to make decisions that protect the company, the departing employee's dignity as much as possible, and maintain your remaining employees' respect. There is no one size fits all approach, and you may have to pivot quickly based on how the meeting progresses. Regardless of which approach you choose, terminating an employee is never fun. This dramatically reduces the chance of retaliation but also maintains respect within your remaining workforce. If you suspect an exit interview may go quite badly, try to minimize any humiliation or embarrassment on behalf of the ex-employee, but consider having additional employees or a protective detail on stand-by as well, making sure they are inconspicuous throughout the process. What if you have to offboard an employee on bad terms? Make sure you have a well-written Acceptable Use Policy and that all your employees read and sign it.Ĭheck out some of our other content on IT security.Ensure you have password rotation policies, with a maximum age of 90 days.Verify you have healthy backups of all internal systems going back at least 90 days.Enable and enforce MFA across your organization.If you don't have an IT provider well-versed in modern IT security management, then strongly consider hiring one. ![]() Ensure your organization has a comprehensive and robust security policy in place that protects against malicious outside actors, particularly centered around your firewalls, sensitive systems, and applications.Policies to prevent ex-employee security breaches: Whether you think the employee is a threat to your network or not, the following steps should be put in place to protect your security. One of the best ways to protect your organization is to prepare these security protocols ahead of time. While malicious damage to company systems rarely comes from disgruntled employees, it does still happen. Terminations are easier when IT security policies are in placeĪs the manager and HR are conducting the meeting with the employee, you'll want IT working to spin-down all accounts and access by the conclusion of that meeting. Before you do something you will regret, take a deep breath, and make sure you have your employee termination process dialed in. Because of that, your IT support team needs to be a part of the discussion before the termination occurs. No matter the situation, IT security cannot be ignored. Severing a professional relationship is difficult, especially when it is an employee termination. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |