Login
iscover
Promoted by Practice Protect.
A clear offboarding strategy is important for your firm's security. Do you have security policies for when a team member leaves your firm?
How to Securely Offboard a Team Member
30 September 2019
•
4 minute read
Whether it’s by mutual agreement or forcible firing, offboarding isn’t easy. Your company has to deal with a variety of things to protect the firm’s best interests. This is why it’s so important to have a clear offboarding strategy.
Without it, offboarding can be a huge mess. And it’s not just about convenience.
More importantly, your company to make sure that the outgoing employee doesn’t take any sensitive information with them. Intentionally or otherwise, they might cause a breach that can have grave consequences.
When offboarding an employee, you can’t afford to leave anything to chance. Discover the best tips for making sure that your data doesn’t leave the company with the employee
What Can Happen Without a Security Policy for Offboarding
Your employee may not leave on good terms. The harsh reality of offboarding is that an employee may sometimes grow bitter and even vindictive. Combine this with the potential access to sensitive data and you can fill in the blank.
To begin with, the employee might steal data and use it for malicious purposes. You might have legal policies against this, but they may not prevent an employee intent on leaking you and your client’s data.
Known as an insider threat, this is a highly common source of security breaches. And it’s not the only issue that can happen during offboarding.
The others include compliance violations, productivity loss, and more that might hold your business back.
Let’s take a look at some of the best tips for preventing the above.
1. Remove the Employee from Your Mailing List
This might not be the first thing that comes to a manager’s mind, but it definitely should be near the top. This minor mistake that you might overlook can be very costly.
Leaving your former employee on a mailing list creates a gaping hole in your security system. The employee will keep on receiving information, some of which may be sensitive, and they can do whatever they want with it.
This almost happened to URX when its office manager forgot to remove an employee from the internal mailing list. She focused on seemingly more important stuff like closing the employee’s accounts and forgot about that crucial detail.
Luckily, she received expert advice on everything that she needed to take care of in an offboarding, including this. Her company narrowly escaped the security risks.
2. Wipe All Work Data from the Employee’s Devices
Your offboarding policy must include the right to gather all of the employee’s devices for the purpose of deleting work-related data. This is the best way to make sure that they don’t have any sensitive information with them when they leave.
With mobile device management, your IT department can locate and remove work data from any employee’s device before or after they leave. It’s perhaps easier if the devices belong to the company. Your security would just observe the employee pack up their personal belongings and make sure that they leave all company properties behind.
3. Revoke Access to All Applications
From the moment your employee leaves the company, you should remove all of their login credentials. They shouldn’t have access to programs that you use, especially if they contain client information or business secrets.
Remember that the employee may be able to reactivate some of the accounts within a certain period of time. This is why you need to delete their account altogether if possible.
If not, you’d have to monitor logins during any reactivation period to make sure that the employee hasn’t attempted to access their accounts.
4. Assign Clear Offboarding Roles
Offboarding isn’t going to be a one-person job for most companies. There’s a lot to do and you need to be as efficient as possible.
This is why you need to define all responsibilities as clearly as possible. You’ll be able to hold people accountable for their parts and pinpoint the source of any potential mistakes.
Protect Your Firm
As you can see here, there’s more to offboarding than meets the eye. Your accounting firm keeps a wide range of sensitive data that you’ll want to keep within.
To properly protect your data, you must have a clear offboarding strategy that checks all of the boxes. Of course, there might be other procedures that are specific to your business.
Would you like to learn more about enforcing strong security policies, including offboarding policy and beyond? You can start by booking a Cyber Security Consultation with us.
You need to be a member to post comments. Become a member for free today!
