Regardless of the size of the company, most have a process in place when an employee leaves the organization, either voluntarily or through termination. Many conduct an exit interview, collect keys and ID cards and escort the employee from the building. With the proliferation of BYOD and the blurring of the lines of devices used for personal and professional activities, businesses need to develop a more comprehensive checklist to protect the company’s data and secure their network. Here are some items you should include on your checklist:
1. Forewarn your IT and security teams that an employee is leaving, regardless if it is a termination or a voluntary resignation. Give them time to prepare to implement their action items in the exit process.
2. During the exit interview, re-affirm the company’s policies regarding document retention and confirm that company data has not been saved to personal Drop Box accounts or on personal devices.
3. Review the inventory of equipment provided to the employee and request the return of company devices including mobile devices, laptops, flash drives and external hard drives.
4. Supervise the deletion of any company and remote access accounts saved on personal devices.
5. Have the IT team change email and network passwords and have all emails forwarded to a supervisor.
6. Change access codes to computer-related security systems.
7. Change pins or passwords on any corporate financial accounts or credit cards and deactivate corporate cards issued in the employee’s name.
8. Accompany the employee to their desk and monitor their activities while they pack their belongings, regardless if the employee is leaving on good terms or not. Do not let the employee access their workstation for any reason and escort them as they leave the building.
9. Make sure you identify how the employee can be reached if you need to contact them after they leave.
10. Finally, have your IT staff monitor the network for any unusual activity or attempts to access the company network.
Unfortunately, numerous data breaches are the result of stolen company owned devices or passwords that were never changed. A checklist will help mitigate these risks to your sensitive company data and security.