One of the greatest threats to your business’ electronic data is not closing the door when offboarding employees, contractors or third parties. Not terminating their access may expose your business to hacking, phishing, ransom attacks and other cyber threats.
Your offboarding process should include HR and IT, and should be routinized and documented, including:
- Creating and maintaining an inventory of the party’s digital life, including company and personal devices, accounts, access, administrative permissions, licenses and responsibilities.
- Setting a deadline for terminating all access, taking into account time or access needed to finish up or transfer work.
- Auditing for former employees’ access to your files or systems.
- Deploying a data management solution that can silo all employee data that must be retained.
- Deleting employee access before they leave the building, discussing during the exit interview, and terminating all email software, cloud service, and other digital properties.
- Terminating access to any apps, changing all passwords and setting up email and voice mail forwarding to a new account.
- Using the “zero-trust model”, assume any offboarded person or entity cannot be trusted.
- Taking all other actions to be sure the door is closed.
Should you have any questions or concerns in this regard, please contact me.
Douglas C. Tibble