10 Steps to Proper Employee Offboarding for IT Security

10 Steps to Proper Employee Offboarding for IT Security

We’ve all experienced or facilitated the process when a company onboards you (as an employee) or you (as an employer) are onboarding a new employee.

Offboarding, on the other hand, has a significant risk to the business if done improperly. Failure to completely outboard could allow former employees to maintain access to secure networks, confidential information, and sensitive company data. Access to this type of information opens companies to unnecessary data breach risk.

Offboarding is typically handled by company leadership (employee’s boss) and the Human Resource department. If it’s a less than cordial departure, the Legal Department may be involved. Cybersecurity and a company’s IT security team are often afterthoughts not traditionally included as a key part of offboarding. While HR may take away an employee’s computer, badge, and key access, employees may still know passwords and other access points to a company’s network. 

In all offboarding processes, the IT security team should be looped in to ensure the proper removal of an employee’s access to the network.

What exactly do we mean by access to the network? What specific areas need to be addressed in the offboarding process? Let’s break it down.

10 Steps to Proper Employee Offboarding for IT Security

  1. Thoroughly inventory an employee’s digital footprint in the company.
  2. Audit current user (employee) activity to understand which areas need to be addressed from an IT perspective.
  3. Create a timeline and set deadlines for deleting employee accounts and access. 
  4. Fully delete employee access when they leave the company building for the last time. 
  5. Clearly define what employee data needs to be retained.
  6. Remove employee access to any apps they may have on a personal device.
  7. Set up email and voicemail forwarding. 
  8. Change all necessary passwords.
  9. Using a thorough list of devices, confirm all devices have been recovered before the employee leaves the company.
  10. Operate on a “zero trust” system--once the employee leaves your company, they should not be trusted with any insider access. 

Why does this matter?

In short, the security of your network depends on proper offboarding. While it’s true that most people have good intentions--and most former employees, if left with access credentials, would neither remember nor care--proper offboarding addresses the security gap for those employees that do not have good intentions. By leaving former employees with network access credentials, your organization can quickly lose security and control of your network. Former employees with ill will towards the organization hold power to access the network with malicious intentions or for their personal benefit. As long as former employees maintain access to the network, they are considered a threat by your IT security team. 

Finally, we’ll leave you with this: a 2020 Insider Threat Report by Cybersecurity Insiders found that a single cybersecurity incident by an insider (i.e., someone who continues to have network privileges after leaving) will cost a company $750,000 in total including investigation, response, and remediation. Therefore, the report found that the most significant risk to an organization is those individuals that maintain insider access after offboarding. 

Need help with proper employee offboarding from an IT perspective? PK Tech is here to help your business maintain optimal IT security. Contact us here.