Everyone knows there are three different types of employee offboarding:
- “I quit.”
- “You’re fired.”
- “Hey, where did Sarah go?”
Whatever flavor of offboarding you’re faced with, you’ll need to make some good decisions because improper offboarding is super-risky to your business and your blood pressure. So, let’s get to grips with the things to remember when you’re offboarding an employee remotely.
Who Cares About Offboarding Securely?
We do, and so should you. A butt-clenching cornucopia of security risks comes free with every poorly-offboarded person. You’ll enjoy itty-bitty risks, such as paying for licenses you no longer need, to big, hairy risks such as an ex-hire:
- Taking confidential corporate data off to a competitor business who just happens to be their new employer.
- Creating a superuser account, breaking into payroll, and awarding ex-colleagues a ton of vacation pay just for fun.
- Breaking into a system and destroying 21 gigatons of data in revenge for being sacked.
…and these are only a little taster of offboards gone rogue. But, secure offboarding isn’t just about mean ex-employees. Improper offboarding can damage your reputation, not only among new hires, but current hires as well. And, believe it or not, you should give a damn ‘bout your reputation.
Offboarding Things You Should Already Have in Place
A Robust Offboarding Policy
Good policies make everything clearer, and we like that. If you have an offboarding policy, you’ll have thought through and communicated the plans and expectations around offboarding. Ain’t you the dogs. Your policy should include:
- Roles and responsibilities for employees, e.g., what is expected of leaving employees, what is expected of HR, who needs to be notified, when should the leaving procedure kick off, blah blah blah, etc.
- Who in IT is responsible for maintaining your IT offboarding checklist and for chewing the fat with HR.
- What actions you’ll take should an employee disappear (hopefully not a concrete-boots-in-a-lake disappearance).
- How you handle a temporary offboarding, e.g., for employee sabbatical leave.
- How to keep hold of those expensive corporate devices when somebody leaves.
An IT Offboarding Checklist
Your onboarding checklist is award-worthy, sure, but how is your offboarding checklist looking? To offboard securely, you’re gonna need a robust offboarding checklist. Don’t panic, because once you’ve got that down, you’ll be able to cope with any flavor of offboarding. This is because it’s the ABC of offboarding in action.
Mobile Device Management (MDM)
MDM is the control tower from which you monitor your fleet of devices, especially Sharon’s, now that you know she’s on the Fed’s Most Wanted list. MDM is your toolbox of offboarding magic and your main means of putting into action your offboarding checklist. If you don’t have MDM, what you have is a sloooooow offboarding process with a load of security holes. And, oh yep, your flavor of MDM’s awesome encryption magic makes sure that if your employee has forgotten their password, you’ve a cute little encryption key to regain access.
Robust Identity and Access Management
Robust identity management practices like Cloud Single Sign-On (SSO) give your employees a unique authorized digital identity that gives them secure access to the good stuff. This is a win for onboarding, but also for offboarding, as it’s a quick and secure way to revoke access.
Your Checklist for Offboarding an Employee
Apart from the usual legal stuff (yawn), there’s a clutch of IT security actions you’ll need to take before you can give your offboarding the high five it deserves. Get your teeth around these:
Revoke Access to ‘All the Things’
Who wants to rely on memory or make a ton of calls to HR? Not anyone we know. That’s why, with a touch of automation, it’s straightforward to terminate access to all the things: apps, files, network access, or corporate intranet. Remember that identity management? It’ll help polish this process out to a crispy shine.
Get Your Stuff Back
Your soon-to-be-ex-employee may still have a corporate-owned laptop, tablet, smartphone, or heck, even a USB memory key sitting stuffed down the back of the sofa, so it’s time to take back control of those bad boys. Corporate devices out in the wild are a data breach waiting to happen. Somewhere in your policies, you’ll have outlined when employees should return your hardware and what happens if they, err, forget. If you subscribe to the ancient philosophy of laptop logistics and device warehousing, this won’t be a problem.
Close Their Cloud Accounts
Even when your ex-employee can’t access their accounts, a hacker might be able to. Open accounts are open goals. They’re also dollars down the drain because you’re still paying for those accounts. Close ‘em down, people!
Secure or Wipe BYOD (Bring Your Own Device) Data
Offboarding gets a little more complex if you have a BYOD policy – you’ll need to securely access or wipe the corporate data from personal devices. This should be straightforward if you’ve deployed mobile application management software, which wraps corporate data up in a separate and secure virtual container within the device and allows you to retrieve or wipe the data without affecting personal stuff.
Deal With Email
Your ex-person may still get a ton of emails from customers, suppliers, or colleagues who don’t know they’re an ex-person yet, so don’t forget to set up autoresponders and mail forwarding.
If Offboarding Makes You Sweat, We Can Help
Securely offboarding employees shouldn’t make you cry, hide in your underwear drawer, or reach for the nearest doughnut (with extra sprinkles). With a robust checklist, decent policies, and a whole ton of wised-up security protocols and configurations, it’d be almost impossible for you to muck up. We’re here to hold your hand when you’re offboarding an employee, or a thousand, so give us a call.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us now – chatting about IT support and cybersecurity is our favorite thing to do!