Protecting Sensitive Data from Ex (or about to be Ex!) Employees.... | Fraser Valley Tech Security Support

office

office

Losing an employee is usually a sad day. It does not matter whether you may be losing a hard-working champion to a fabulous new adventure, or whether you have to fire a disgruntled slacker for misconduct, it is an emotional one for many. For a business owner, though, it can also be quite a dangerous day, especially if it is the latter scenario. That employee probably had access to all sorts of valuable company and/or customer data, before their dismissal.

Having a solid IT procedure in place to off-board an employee can save all kinds of headaches down the road. Long before you ever have need for it (ie today or tomorrow!), have a meeting with your IT department/service to discuss what areas of the company records would be vulnerable, and put together a solid procedure.

Here are a few things you may want to consider when putting together an off-boarding procedure.

  1. Use a least-access method with all employees – ie only give access to what the employee needs to do their job. For example, if they don’t need access to financial folders, don’t give them access to that location on the company servers. It means less to deal with later.

  2. When the day of a dismissal comes up, alert your IT department in advance, so they can be ready to begin the procedures as soon as (or just before) the employee is notified.

  3. Disable the employee’s access to their office account, but don’t delete it straight away, in case you need any files. Copy or relocate these files, and then you can delete the account. (Have this done and delete the account within 30 days.)

  4. Change the password to any remote or web tools that they used, along with passwords to shared accounts.

  5. Change the passwords/pin numbers to any other devices like copiers and alarm systems.

  6. Disable the employee’s email & voicemail and have them forwarded to a relevant employee or manager.

  7. Remove the employee from any group lists, such as email directories, company email groups, phone listings and your website (if you have an employee list on your website!).

Depending on your companies resources and working procedures, this list may cover everything you need to do, or there may be a few more areas to consider, but it is a good place to start.

If you need advice on what your company can do to prepare for this kind of scenario, or help in putting a procedure in place, feel free to email the Wild Frog Systems IT Support Team at info@wildfrogsystems.com or phone 778-771-0184.