Employee Offboarding Best Practices

Companies failing to follow proper employee offboarding measures are at risk for data loss, cyberattacks and other malicious activities. Regardless of the reason for an employee’s exit, offboarding is an essential part of the transition process. Protect your system and all sensitive data with these six critical identity management procedures.
employee offboarding best practices

Collect All Company-Owned Devices

Company-issued smartphones, tablets, laptops and other devices should be turned in before an employee leaves for good. These devices not only contain sensitive information but also represent a significant monetary investment. Be sure to collect all other items used for data transfer and storage, such as memory cards and flash drives, to prevent confidential information from leaving the premises.

Retrieve keys and security cards to ensure employees can’t gain physical access to the building once their tenure is over. Being able to get in and out of the office without checking in or making an appointment literally leaves the door open for serious breaches if the conditions of departure are less than cordial.

Terminate Personal Device Access

If your business has a BYOD policy, employee-owned devices may retain information, applications and other company assets. Removing data and programs pertaining to company activities is a key part of offboarding. Even if no ill will is intended, employees can easily walk away with proprietary data on their personal smartphones, tablets, laptops and external storage devices. If passwords were stored using tools on any of these devices, hackers could gain access to your system with stolen credentials long after an employee has left the company.

Revoke Network Access

The identity and access management (IAM) solution your company uses should have tools for managing the entire employee
lifecycle, including offboarding. When the time comes to remove a user from the system, take advantage of these tools to completely eliminate the employee’s unique

identity. Don’t be tempted to reuse the account with different login credentials for the next person taking over the position. A new employee may not need the same level of access even if he or she performs similar duties, and rolling accounts over may cause problems with “privilege creep,” in which an employee accumulates more access rights than necessary to perform his or her job.

Access to company applications and third-party cloud-based programs used by your business for communication and collaboration must also be revoked. Change any common passwords for these applications or other system tools, and make sure related apps are wiped from personal devices. If an employee-owned device has its own identity within your system, remove this privilege when the person leaves.

IAM software makes network access management much easier by centralizing all information about each employee’s credentials, level of access and privileges so that you can be sure all points of vulnerability have been addressed and don’t have to search through every application to terminate access.

Remove Employee Data from Systems

Once access has been revoked, make sure the names of employees who no longer work for your company don’t show up on contact lists, in meeting rosters or as the primary contacts for projects. Forward all communications from terminated employee accounts to a manager or supervisor, and communicate clearly with other employees to ensure everyone is aware who has been offboarded and who is responsible for picking up their tasks until a new hire is made.

Follow a Set Procedure Every Time

Go through the same steps with each employee you offboard. Adhering to a plan ensures you don’t miss any critical actions and greatly reduces the risk of disgruntled employees wreaking havoc once they’ve left. Employees in good standing are saved the potential embarrassment of and backlash from accidental data leaks. Create a checklist of best practices, and follow it to the letter to keep your company and your employees safe.

Keep Records

Compliance is an important issue for any business handling sensitive information, interacting with clients and customers or conducting transactions. You may be subject to additional compliance rules depending on the industry in which you operate. Proper offboarding is necessary for compliance, especially in cases where the information you store could be stolen, sold or publicly distributed by employees with malicious intentions.

If your IAM solution doesn’t already keep detailed logs, enable the option or upgrade to a system with this capability. Logs can be used in the event of a compliance audit to prove you followed your offboarding procedure correctly and no loose ends were left to create vulnerabilities. Furthermore, logs are necessary for any critical investigation as a result of security policy violations and data breach cases.

Following the same offboarding procedure with every candidate reduces the risk of accidental or deliberate data theft and eliminates as many points of vulnerability within the system as possible. Make offboarding part of the process of managing the employee lifecycle to avoid the potential for serious security problems down the road.