So, your onboarding process is slick, idiot-proof, and sprung from the loins of an exemplary and mature onboarding checklist. How about your offboarding process? If it’s just scribbled notes Sharpied on the back of your colleague’s neck, it’s time to set up the kind of employee offboarding automation that’ll make St. Francis eat a bunny.
Wait, Who Cares About Offboarding Properly?
We do and you should. Everyone knows that when you’re onboarding, the stakes are high. You need to impress. Give a new hire a bad first day and they’ll be disengaged, less productive, and tell everyone what crap you are. But the stakes for offboarding are real too, and here’s why:
Open Accounts Are Unsafe
When somebody leaves, in a strop or otherwise, there is a whole mess of data breaches waiting to happen. You need to lock down that data, close those accounts, and remove access from shared files, groups, and the corporate intranet. You’ll need to de-provision like crazy and also freak out about how much data your leaver still might have access to. Open accounts are a gap in your information security management system that no one wants.
Open Accounts Cost You Money
Open accounts will cost you in cold, hard dollars, whether those accounts are used or not. You’ll still be forking out for cloud services, licenses, and account logins. And, if you’re all loved up with Cloud SSO, ongoing costs for some services like Github Enterprise or Microsoft 365 E5 can punch a fat hole through your budgets.
Where’s That Device?
If you’re regularly hiring and offboarding in bulk (for instance, with seasonal staff) or if your old hire simply vanishes along with your corporate device, that corporate data is at risk. And, you’ll have to buy another device. Sensible offboarding practices reduce the risk of device and data loss by giving you the ability to lock and wipe data remotely.
Poor Offboarding Tarnishes Your Brand
People talk, and that includes your ex-people. No matter how shiny your reputation is, a poor offboarding experience will take that shine right off.
So, Is Automation the Way Forward?
You know it. Automation makes everything better. Automating your offboarding process will get the job done faster, reduce or eliminate human error, and save your HR and IT people time and headspace, releasing them for more strategic or fun tasks.
Employee Offboarding Automation
Nail the Process Down
Before you start with any of the techy stuff, you’ll need to decide precisely how your offboarding process should actually work. It’s time to get down and dirty with the details. Start with the basics. When you have a theoretical leave date, decide:
- – When to kick off any offboarding HR workflow.
- – When to retrieve licenses.
- – Where to forward your leaver’s email.
- – Whether and when to set up a mail autoresponder.
- – How and when to revoke access to corporate and role data.
- – What happens if your leaver has forgotten the password to their device.
- – How you’ll recover the device if it’s corporate-owned, and what’s the process if you never get it back.
- – How and when you’ll wipe corporate data from a personal device.
You’ll also need to clarify roles and responsibilities. From all this, you’ll be able to create an offboarding workflow.
Set Up Mobile Device Management (MDM)
Whether your people are fully remote, office-based, or a hybrid mix, MDM is the resource you’ll need to configure and automate the offboarding processes that’ll de-hire your leavers securely, effectively, and beautifully. If you already use MDM for onboarding automation, you’re most of the way there, but offboarding is more than onboarding. Offboarding can be similar, but backward and in high heels, á la Ginger Rogers.
Here are the four MDM basics that you’ll need to properly set up employee offboarding automation:
Set Up Device Visibility
MDM will corral your devices into a single IT asset register which you’ll be able to manage from your MDM dashboard. This means that, when it’s time to say goodbye, you’ll have control over the devices that need to be secured and de-provisioned.
Encrypt All the Things…
….but don’t forget your recovery key. Data encryption is a standard security tool that converts data into the kind of gibberish that only people with the magic password can read. If your leaver has forgotten their password or they disappear, you’ll be able to recover that corporate data with your recovery key.
Set Up an Identity Authentication Manager
This is the fairy dust in MDM that’ll enable you to close all your leavers accounts and access privileges with a single tap of a keyboard, pretty much. Cloud SSO is an example–it gives an employee access to multiple corporate cloud-based accounts and web services using one authorized digital identity. When that employee leaves, it’s simple to revoke access and close all accounts by un-deploying that digital identity.
Protect Corporate Data on BYOD Devices
MDM enrolls BYOD devices, too, and keeps corporate data separate from the personal stuff, using mobile application management (MAM) to wrap it up in a separate virtual container that you can control from your MDM dashboard. You can block your old hire from copying data and apps from this virtual corporate space onto their own personal space, and when they leave, you can access, retrieve, or wipe the corporate stuff without affecting your old hire’s personal apps and data.
Offboarding Automation Doesn’t Have to Hurt
If you’re thinking, “Hmm, I reckon I need to properly set up employee offboarding automation, like, today,” then you’ve picked the perfect time because we’re waiting by the phone and can tell you all the other cool ways you can improve your offboarding using the magic of MDM and us.
Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Call us now–chatting about IT support and cybersecurity is our favorite thing to do!