Best Cybersecurity Practices For Employee Termination

Ending a professional relationship is never easy, especially when it’s employee termination. While most companies have HR policies for terminating employees, it’s important to have a cybersecurity policy in place to guide your staff through this transition. In this day and age of virtual offices and cloud computing, your IT department must be your partner when it comes to employee offboarding. Whether an employee leaves voluntarily or not, it’s important to consider the cybersecurity implications of the end of this relationship.

When considering employee termination from an IT perspective, you need to consider that while people can be an asset in maintaining effective security, they can pose a great threat to data security and confidentiality. According to a recent  Wall Street Journal Pro Research Survey of cybersecurity executives at nearly 400 companies, 67% said they were concerned about malicious employees. Terminated employees, in particular, may jeopardize cybersecurity if they are dissatisfied with their employment or termination.

However, even employees who voluntarily separate from your organization can endanger your corporate data. For example, the Federal Deposit Insurance Corp suffered an inadvertent cyber breach when a former employee inadvertently departed the agency with a storage device containing data and information relating to 44,000 customers.
Cybersecurity Practices For Employee Termination

Policies to Prevent Cybersecurity Breaches When Terminating an Employee

One of the best ways to secure your organization’s data, systems, network, and more against cyber security issues resulting from employee termination is to prepare security protocols ahead of time. Whether an employee leaves voluntarily or not, the following policies should be put in place to protect your security:

  • Enforce comprehensive and robust security policies centered around your applications, firewalls, and sensitive systems to protect against outside actors.
  • Enable and enforce MFA (multi-factor authentication) across your organization – having MFA enabled on as many systems as possible allows you to shut down access to all of those systems in a single action.
  • Ensure that you have healthy backups of all internal systems going back at least 90 days.
  • Have a well-written Acceptable Use Policy and ensure all employees read and sign it.
  • Put in place password rotation policies, with a maximum age of 90 days.
  • Ensure that you have an IT services provider that’s experienced in modern IT security management. Consider hiring if you don’t have one.

IT Employee Termination Checklist

Here’s a checklist of actions you and your IT team will need to take to insure your company’s data remains safe (please note, this is only from a technology standpoint – your HR team will need to take additional action). These actions should be carried out before the termination meeting.

  • Disable MFA: This is by far the fastest and most effective step you can take during an employee termination procedure.
  • Email access: You may not want to immediately turn off an employee’s email because it could cause you to miss important client communications. The best way to secure the email address while protecting the employee’s dignity is to forward the email only to the employee’s direct manager. Change the password, so the former employee doesn’t have it, and set up an autoresponder for external messages and another one for internal messages, so senders know who to contact instead of that former employee. Back up the employee email data, especially if you suspect legal action – this will support your case.
  • Disable all cloud account access right away. If you need to move data first, start by changing the password, pull user audit reports to review activity before the employee leaves, migrate the account data to another user (most systems will give you this option when you delete the account). Once all data has been moved safely, delete the employee’s account.
  • Remove the employee from all access to Active Directory (AD) and 365 groups and memberships. Also, confirm the employee’s access is terminated on all system accounts such as VPN/remote access, network, financial accounts, company-owned social media accounts, and application accounts.
  • Recover all company equipment such as laptops, cell phones, or software licenses designated for use by the employee and redistribute as needed.
  • Wipe company information from any employee-owned devices that were used to access company data (even if your company doesn’t have a Bring Your Own Device (BYOD) policy, it’s likely they still used a cell phone to access email). If you don’t already have a mobile device policy, you need to get one in place now.
  • Terminate access to voicemail: Forward phone and voicemail to the user’s manager, and delete them at the manager’s convenience.
  • Revoke building access, including any key card access to doors. If your building uses door codes, disable or change their code. You should also revoke the terminated employee’s user ID and password and other security clearances immediately upon the separation. 
  • Audit account activities of the departing employee before they leave to see if there were any unusual activities, such as copying files in bulk, attempts to access unauthorized data, attempts to install unapproved software on the company network, or addition of new devices to access the company data.
  • Communicate employee termination with the company to prevent anyone from accidentally giving the departed employee access to sensitive information. This should be handled carefully and with dignity. The communication should be firm and transparent while respecting the departing employee’s privacy – no need to divulge details of why the employee is leaving.
  • Track termination procedure steps to confirm their completion and to verify any compliance standards regarding termination security policies.

Keep in mind that someone who gives notice will need continued access during their final days. In this case, you may decide to stagger the taking away of access for the remaining days of employment.

Update Your Process Document

Once the process is complete, make sure to update your living document of termination tasks for all involved parties tailored to your particular organization, including managers, HR, and IT. Keeping this list up-to-date will ensure you don’t have to figure it out on the fly each time you need to go through an employee termination process.

Plan For a Security Breach Response

A robust security policy should consider everything, including your response, should a security breach occur. If you suspect a breach, it’s vital to have a policy in place to quickly take remedial actions to stop the breaches, correct the problems, and mitigate damage, implement measures to prevent recurrence of incidents, and provide for early assessment and investigation before crucial evidence is gone.

Secure Your Company Today With OnPar Technologies

A terminated employee getting access to company systems can be a huge security risk. By working with a cybersecurity provider like OnPar Technologies, you can be proactive about protecting your organization’s systems, data, and network from former employees and other bad actors. We can strengthen your computer and network security by assessing how your systems are vulnerable, recommending steps to address those vulnerabilities, and enforcing identity and access management. Contact us today to schedule a consultation and discover how OnPar Technologies can secure your business.