In most businesses, the onboarding and induction process is a well prepared and usually follows a step by step process running like a well-oiled machine but unfortunately the offboarding process sometimes becomes a little confusing and can leave organisations vulnerable to cyber criminals.
Whether your former employee has left on good or bad terms, when a person leaves your business, a well-executed process should be followed to ensure that an employee no longer has access to company data and assets following their departure and your internal IT department should be involved rather than this process being left to HR.
But how can you say goodbye to your former colleague in a cybersafe way that protects your organisation?
Take a look at the employee’s digital footprint (together with your IT-department) and make a list of data and assets your colleague has access to. Make an inventory of all data that should be retained. Don’t forget to create a list of all programmes, Microsoft Teams, shared inboxes that the employee has access to and set a timeline of when to revoke access to these programmes and save any data.
Use tools like Microsoft Productivity manager to audit user activity to get an insight into the areas of M365 that are being used by the employee.
Check with IT for other devices used by the employee for work related matters and delete access from applications installed. Make sure you are looking out for shadow IT which may have been installed.
Set up an out of office message and forward all email and voicemails. You can automatically archive emails in Outlook, making sure no important emails are lost. You may wish to divert emails to a senior member of the team whilst any new members of staff are onboarded.
Change all necessary passwords, and do not forget your social media accounts! We advise you to use a password manager. Using a password manager will save you time by removing the need to send new passwords around in a Teams chat or other unsafe ways.
Make sure all devices, company credit cards and keys have been returned before the employee has left and once that employee has left the organisation for the last time, remove their employee access with immediate effect. If the former member of staff also had access to company social media accounts ensure that their permissions are changed.
Offboarding team members is no longer just a HR process, to ensure that your business is safe from bad-actors or any potential threats your IT team must be involved from the outset.
