These days, most executives know that hackers represent a threat to their company if their network isn’t secure.  They may not realize that a more significant threat is someone using a legitimate login and password to access data they shouldn’t be seeing.  There are many ways this can happen.  Employees may fall prey to phishing scams, unwittingly providing their password to a criminal outside the company.  They may put their password on a Post-it note that catches the eye of a visitor.  They might even share their password with another employee without realizing how dangerous this can be.

If a current employee’s network access poses a major threat, you can imagine how large of a threat it is for ex-employees to still have functional passwords months or years after they leave.  Yet according to Intermedia, 89% of ex-employees have access to at least one application after they’ve left the organization.  This is why it’s critical to have a checklist of tasks to complete each time an employee is separated from your company – whether that separation is voluntary or not.

The following items should be collected on or before the employee’s termination date:

  • Laptops
  • Company-owned storage devices, such as external hard drives or flash drives
  • Company-owned phones
  • Company-owned credit cards
  • Access cards (such as those used to open building doors)

Login credentials to the following technology should be suspended on or before the employee’s termination date:

  • Company email and calendar applications
  • Telephone voicemail access
  • PIN-based alarm or door systems
  • Network or file access at all company locations
  • Online credit card account logins
  • Cloud-based software used by the company, such as Salesforce
  • Marketing accounts, such as social media or website logins
  • Company files (if any of these are on non-company owned devices, ensure they’ve been deleted)

If any passwords were shared between the departing employee and co-workers, those passwords should all be changed.   It is best practice to never allow the sharing of passwords, to avoid this situation from occurring.

You should also remove references to the employee in internal documents such as phone directories or staff directories.

If you’d like help from a Managed Services Provider in building and enforcing an IT checklist for exiting employees, call us at 919.779.0954 or contact us online.