Why should your IT Department be involved in off-boarding employees?
Are You Off-Boarding Your Staff In a Cyber-Safe Way?
In most businesses, the onboarding and induction process is a well prepared and usually follows a step by step process running like a well-oiled machine but unfortunately the offboarding process sometimes becomes a little confusing and can leave organisations vulnerable to cyber criminals.
Whether your former employee has left on good or bad terms, when a person leaves your business, a well-executed process should be followed to ensure that an employee no longer has access to company data and assets following their departure and your internal IT department should be involved rather than this process being left to HR.
But how can you say goodbye to your former colleague in a cybersafe way that protects your organisation?
Take a look at the employee’s digital footprint (together with your IT-department) and make a list of data and assets your colleague has access to. Make an inventory of all data that should be retained. Don’t forget to create a list of all programmes, Microsoft Teams, shared inboxes that the employee has access to and set a timeline of when to revoke access to these programmes and save any data.
Use tools like Microsoft Productivity manager to audit user activity to get an insight into the areas of M365 that are being used by the employee.
Check with IT for other devices used by the employee for work related matters and delete access from applications installed. Make sure you are looking out for shadow IT which may have been installed.
Set up an out of office message and forward all email and voicemails. You can automatically archive emails in Outlook, making sure no important emails are lost. You may wish to divert emails to a senior member of the team whilst any new members of staff are onboarded.
Change all necessary passwords, and do not forget your social media accounts! We advise you to use a password manager. Using a password manager will save you time by removing the need to send new passwords around in a Teams chat or other unsafe ways.
Make sure all devices, company credit cards and keys have been returned before the employee has left and once that employee has left the organisation for the last time, remove their employee access with immediate effect. If the former member of staff also had access to company social media accounts ensure that their permissions are changed.
Offboarding team members is no longer just a HR process, to ensure that your business is safe from bad-actors or any potential threats your IT team must be involved from the outset.
Opens in a new windowOpens an external siteOpens an external site in a new window
Manage Cookie Consent
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.