Protecting your IT when Employees Leave

Protecting your IT when Employees Leave

So it didn’t work with your newest employee, in fact it didn’t work out would be an understatement…they left under quite a cloud!

A recent Symantec study states that “half of the employees who left or lost their jobs in the last 12 months kept confidential corporate data and 40 percent plan to use it in their new jobs.”

  • You’ve got the work laptop/computer back, but have they deleted things?
  • How do you know what they were doing and looking at before they left?
  • They used their own devices for work, do they still have their work material?

  • What to do when employees don’t leave on the best terms


    The vast majority of staff finish employment and move on with no issues. But occasionally people leave in less harmonious circumstances, or they are just plain dishonest. We’d like to cover off on some of the basics to ensure that your risks are minimised for if, or when, this happens to you.

    Importantly, it makes a big difference what systems you use and how you are set up, so keep that in mind. For the purposes of this simple article, we assume you are a small to medium kiwi business, with a fairly simple IT setup, using one of the lower-level Microsoft 365 licences for your email document storage and sharing.

    Set up the employee properly when they join and have proper security


    To get the best outcome when an employee leaves you need to start when they join the company.
    Practice ‘need to know’ access to systems and data:
    • People only get access to what they need for their job
    • This includes ensuring your work, documents, emails, etc are protected by permissions appropriate to the user. If they don’t need access, they don’t get it!

    Set up an off-boarding system


    The obvious (we don’t want to tell you how to suck eggs with your HR, but people sometimes don’t do these things, or forget) things to do when the person leaves:
    • You probably have an induction process when someone joins, but do you have an off-boarding process for when people leave?
    • Ensure the off-boarding process is promptly followed.
    • Ensure the off-boarding is responsive enough to handle an employee disappearing at no, or very little, notice.
    • Promptly close off email and other systems access.
    • Promptly close off remote access.
    • Take back company owned devices.
    • Ask specifically if there is any company data in their possession and if so, make a plan with them for retrieving it.

    The not so obvious things


    Of course IT being the mysterious being it is to most of us you might not consider the less obvious things to do:

    • Don’t let people use personal devices for company work – give them the tools they need, and ensure those devices are properly set up by your IT.
    • Setup your business so that ALL work data/information is only ever stored in company systems. Do not allow people to save work anywhere else. Make sure they have a company owned folder they can save drafts and working documents to, if this is needed.Have remote wipe enabled, meaning you can remotely wipe the data from any devices they have accessed. The next time they connect to the Internet, the data is wiped.
    • Review activity logs; these are detailed, but can give you a picture of what the person was up to.
    • If they delete emails or files, systems like 365 and Dropbox Business keep files for a ‘retention’ period and during this time you can restore them.
    • Use a company password manager such as Keeper so that people actually don’t know their passwords, so if they leave you (or your IT support) remove their access and they can’t get into anything.

    Use technology to protect your organisation


    If you are on a lower level 365 licence, such as Exchange Online, Business Basic or Business Standard, then talk to your ITA partner about the benefits and costs of moving to a higher licence with more security features such as 365 Business Premium. For example, configure 365 to prevent bulk downloading of company data, etc.

    In summary
    Put in place protections now, so that you have them there before you have a problem. Once the person has left, it is often too late. In general, these suggestions are a good place to start with ensuring your business is protected.

    If you need a hand with any of these steps please get in touch with your local ITA member.


    This article was kindly written by our IT Alliance colleague Mark Ternent from GTB IT Solutions in Wellington
    IT Alliance Members:
    CT Business Solutions | Hamilton | Morrinsville | North Waikato
    @Computer | Northland | Kerikeri | Whangarei
    IT Live | Auckland
    Technology Partners | Tauranga
    Vision Lab | Te Puke
    AdvancedIT | Rotorua | South Waikato
    BlackSANZ | New Plymouth | Taranaki
    GTB | Wellington | Kapiti
    Decision1 IT Solutions | Dunedin | Otago
    IT Centre | Wanaka | South Otago
    Voicecom | Invercargill | Southland



    #CyberSecurity #ITSpecialists #Technology



Back...
 
 
© 2022 CT Business Solutions Limited. All Rights ReservedContact Privacy Policy Terms & Conditions View Desktop Version