Employees come and go, and from a security standpoint, this is an issue. What steps should you take each time an employee leaves? CSO Online offers these checklist items:
1. Conduct an Exit Interview
During this interview, you should review document retention requirements, and discuss any equipment that needs to be returned. All company accounts should be discussed, and the employee should be reminded of any confidentiality agreements signed when they started. You should also insure that you have contact information if the company needs to contact the employee after they leave.
2. Collect all company-issued mobile devices, USB flash drives, backup disks, etc.
IT should have an inventory list of what devices an employee has been issued to insure everything is returned when the employee leaves. By keeping good records, you can insure no data or device loss.
3. Deactivate all company email accounts, access rights, and remote access accounts
This step may seem like common sense to you, but you would be surprised at how often this is overlooked. All accounts that are assigned to an employee should be tracked in the event of employee departure to make account termination easier. This should be done immediately after the employee leaves, on the day of departure, especially if the employee is disgruntled in any way. Ideally, if an employee is being let go, their accounts should be disabled WHILE they are being let go so that they don't have a change to enact any revenge.
4. All shared passwords need to be changed
You should change all passwords that are used by multiple people that the employee might know. Again, this sounds like common sense, but it often gets overlooked.
For more checklist items, go here.
No comments:
Post a Comment