Has Your Ex-Employee Really Left?
The days of the job-for-life are now behind us. So, as an employee moves on to pastures new, how can you be sure that they have completely left your company? Physically yes – but what access do they still have to your business? We’re not only referring to employees here, we also need to include any contractors or freelance workers that you may have granted access to your business.
With workers being given at the very least access to an email and to certain company files, when someone is no longer involved with your business you need to ensure that they don’t still have a key to your sensitive data. Here at Dolphin we have complied a check list for ensuring that an ex-employee or contractor has been completely removed from gaining access to your data.
Ex-Employee Security Check List
Accounts: Who has access to your bank details? And your own internal accounting systems – do you need to inform/change passwords? What about your CRMs and databases? Access to your suppliers and to your customers? Do you need to inform people that said person no longer works for you?
Emails: Have you shut their business email account down? Do you still need retrospective access to that email account? Will you need a forwarder put on it for at least a grace period? Did they only have access to their own email account or also to generic accounts such as help@ or info@?
Files: Can they still login to your cloud storage systems? What level of access did they have? Even if only the most basic access was granted to them, you need to ensure that they can no longer look at your files. You need to include programs like Dropbox here and ensure any relevant folders are manually removed.
BYOD: If they had their own mobile devices, phones, tablets or laptops, what have they stored on them? Did you grant them the freedom to use their own devices and allowed usage for work purposes? If you did you can’t control what they have on their personal technology, but bear in mind that they may still have information on their computers that could cause your company issues at some point. Even if no malice is involved, what if they left their laptop on a train and company information fell into someone else’s hands?
Digi Media: Did they have access to any of your social media accounts or your website? What email accounts are your social media profiles connected with? Is there anybody still within your organisation who can check what the ex-employee is saying online about your company? How long after they have stopped working for you is it “ok” for their LinkedIn, Facebook and Twitter profiles to say that they remain working for you?
The levels of access you have granted someone will have a direct effect on the number of checks that you need to make to ensure access is now denied. How quickly should this be actioned? Realistically, as soon as humanly possible. No organisation should take data security for granted and ensuring that those outside of your company cannot access information is a priority.