Tom is hired by a mid-sized software company in their finance department. His manager quickly realizes it’s not a good fit. The result is an awkward conversation, but one that everyone agrees is for the best.
Although Tom departs the organization that day, he still maintains access to critical company information. For example, there’s a new expense software he was tasked with trying out that he is the administrator of. It’s got a lot of sensitive information on employees and the company’s processes.
Thankfully, Tom doesn’t do anything malicious. That’s not always the case.
After a termination, Juan Rodriguez remotely accessed Mariott’s systems. The disgruntled ex-employee allegedly changed the price range of 3,000 rooms from $159-$499 to $10-$59, resulting in a loss of more than $50,000.
Or there’s the case of a former McAfee employee who leaked trade secrets to a rival organization after leaving. Could these situations have been avoided?
Yes! A hasty offboarding that doesn’t ensure access to critical information is terminated is a significant liability from a compliance and security standpoint.
With that in mind, here’s a simple guide to employee offboarding for IT teams.
The Risks of Poor Employee Offboarding
A data breach is likely the first thought that occurs when discussing offboarding risks. After all, a departing employee doesn’t always leave a company on excellent terms. There are other risks too.
Access to Sensitive Data
Employees can forward emails to a personal address. These emails can include customer and employee personally identifiable information (PII). Compliance can become a significant concern.
One of the most common issues with poor employee offboarding is not deprovisioning software licenses. Whether it’s idle licenses, unused storage, or devices collecting dust, many of these expenses result from incomplete offboarding processes.
When change occurs, business activities are interrupted, and productivity stalls. But the impact of change caused by offboarding can be lessened if it’s done quickly and smoothly.
How to Make Employee Offboarding More Efficient
It’s clear by now that an improper employee offboarding process can pose a considerable security risk to your organization. And for industries beholden to federal regulatory compliance requirements such as healthcare and finance, organizations may even face legal scrutiny if the employee offboarding process is not managed correctly.
One of the first things you need in place is a transparent communication process between HR and IT. IT must be aware before off-boarding an employee so it can prioritize the necessary tasks.
As soon as someone is disassociated from your firm, you should automatically suspend all emails and access to your customer relationship management system. To ensure that nothing is left to chance, you should also run through an offboarding checklist immediately to verify that access to all systems has been terminated.
The challenge is that you need to figure out what apps employees have signed up for and used, what access permissions you must revoke, and what company data resides in these apps.
With the proliferation of Shadow IT, it’s not always easy to do this. That’s where a SaaS management platform like Augmentt comes into play.
A single dashboard for all SaaS apps and usage can increase visibility and avoid security risks associated with employee offboarding.
For example, employees can be quickly onboarded and offboarded to and from the applications they need. Plus, reports can readily show which users have access to what applications, and which licenses.
These processes can automate and simplify life for IT, enabling greater efficiency and productivity.
The Wrap on Employee Offboarding
Treat the loss or termination of an employee as a high priority item that your team must deal with to meet the security mandates you’ve put into place. And make sure that you know exactly what someone had access to and what applications they used.
You need to take action the moment you know an employee is leaving the company. As we’ve seen before, the consequences may otherwise be devastating.