Digital footprints are everywhere in today’s workplace, with employees making them as soon as he or she is hired.
For example, a company email address and login information is sent to them. Even their LinkedIn page may be updated to connect with your company.
However, this creates problems down the road, when employees leave your company for any number of reasons.
Old information can become unguarded at best, while at worst, disgruntled former employees could act with malicious intent towards your company.
You don’t want former employees using their old work email accounts to send malicious emails. And, leaving sensitive files on a computer for months is not uncommon among former employees.
Even beyond security, you don’t want to lose key information when valued team members leave your organization.
The solution, then, lies in better digital offboarding.
This involves a number of procedures, from deactivating email accounts & removing access to your system, to categorizing & deleting their leftover data.
Let’s take a closer look at why it’s so important, and what steps you’ll want to take.
How Important Is Digital Offboarding?
When an employee leaves a company, there is a process to follow. Through this process, employees are decoupled from company technology assets.
As mentioned above, whether intentional or not, issues often arise when digital offboarding is performed improperly (or worse, not at all).
This makes digital offboarding a critical component of cybersecurity.
But, is it really that big of a problem? Is it really something you should be concerned about?
Yes; it is, and you should be.
In fact, data breaches involving former employees have occurred in 20% of surveyed businesses.
In addition to revoking privileges to company data, better digital offboarding involves many other steps. To reduce risks, you’ll want to follow a set process for any of your former staff members.
To make sure you don’t miss anything, we’ve created a handy checklist.
Checklist: Better Digital Offboarding
When a person leaves an organization, a great deal of corporate knowledge can be lost. During the digital offboarding process, it’s important to capture this information.
For instance, you might want to know what social media app someone uses for posting company news. Or, maybe you need to know their current CRM data entry methods, for example.
If you have the chance to conduct an exit interview, make sure you ask these sorts of questions, while you still have the chance.
Or, better yet, require staff to document workflows and procedures as a matter of routine.
If you take that route, you’ll always have the information available.
Identify Social Media Connections
If your former employee has any social media connections, you’ll want to address them.
Are they admins of your company’s Facebook page through their personal Facebook account?
Do they help run your LinkedIn page?
If so, take the time to remove their access, and change any passwords they may have access to.
Assess the Person's Work-Related Apps and Logins
You should be able to find a list of all the apps and websites a particular employee has logged into through your HR or IT department.
However, this isn’t something you should simply assume, either.
For instance, it’s common for employees to use unauthorized cloud apps for work purposes. And yet, the security consequences of this are too often ignored.
Ensure your awareness of any apps the employee may have used for work, and address the issues as needed.
Change any login information if you plan on using these programs in the future.
For any unauthorized apps or programs, make sure you delete them before they expose you to unnecessary risks.
Change Employee's Email Password & Other Apps
One of the simplest things you can do to protect your business is to either deactivate their email account, or at the very least, change the password.
Additionally, you’ll want to change passwords for any other apps or programs your employee previously had access to.
It is important to remember that many people access business apps via their personal devices. That means that even though they can’t access their old work computer, they can still access their accounts through a phone or home computer.
However, if you change the password, they are locked out regardless of which device they use.
Retrieve Company Devices During Digital Offboarding
Sometimes, companies provide their employees with devices for home use, especially remote workers.
It might be a router, a mobile phone, a computer, or even something else.
If your company provides this sort of equipment, you’ll need to make sure you recover them.
It is important that you do this as soon as possible to prevent the equipment from being lost or damaged.
Too often, devices are sold, given away, or trashed once employees no longer work for their company.
Retrieve and Remove Data from Employee Personal Devices
Some companies use a “bring your own device” policy. While it can save money, it definitely makes the digital offboarding more difficult.
Be sure to capture all company data on these devices. Creating a backup policy now is a good idea if you don’t already have one.
Close Employee Accounts and Transfer Ownership of Data
As part of the digital offboarding process, you definitely don’t want to maintain cloud accounts for old employees indefinitely.
After transferring their data, close the account they used to store their data. Hackers can gain access to unused employee accounts if you leave them open.
When old accounts go unmonitored, criminals can gain access & steal data for months without anyone noticing.
Revoke Employee Device Access to Your Apps and Network
Just like removing access to accounts, you’ll want to remove access to any physical devices your employee used.
Device access can easily be revoked through an endpoint device management system.
Any approved device list in your system should no longer include the former employee’s device.
Change Digital Passcodes to Buildings
In addition to items like computers, software, and apps, don’t overlook your building’s physical accessibility, either.
Make sure you change any digital gate or door passcodes so that the person cannot access the property.
Let Us Help Reduce Your Digital Offboarding Security Risks
Like many aspects of cybersecurity, the process of digital offboarding is easier and less risky when you address it proactively.
Having established checklists and procedures enables you to remain confident in the security of your account information & sensitive data, even after key employees leave.
Remember to collect all devices, and gather as much information as you can from your exiting team members, if possible.
Make sure to remove their access to key accounts, like emails or social media, and change passwords for any accounts that require it.
That said, some companies may require a more in-depth offboarding process, especially those that deal with sensitive information.
The good news is that there’s no reason you need to struggle to establish the right protocols for your business.
Ideal Integrations, along with our cybersecurity division Blue Bastion Cyber Security, can help.
Simply contact us at 412-349-6680, or fill out the form below, and our IT and security experts will provide a no-obligation guide through any potential problems & solutions your business faces.