The leaver: gone – but too often forgotten
You’ve had the farewell drinks. You’ve signed the ‘Good luck’ card and wished your soon to be former colleague well in their new role.
It’s unlikely the next thing you do is tell them to keep a spare set of keys for their company car and pop back any time they like to have a spin.
No one would dream of being this lax with their physical assets when an employee leaves their company
It is astonishing how many firms are not similarly vigilant when it comes to their digital assets. For example, do you know how many of your former employees still have login details for your main corporate Wi-Fi network? If not, it is a cyber equivalent of having a pool of unauthorised key holders for the company car fleet. There could be little to prevent those past colleagues standing outside the building and having a quick surf to see what they can find. If they feel aggrieved over the circumstances of their departure, that risk may be increased.
Have a properly thought out ‘Leavers Form’
The good news is there is one very simple thing you can do to protect yourself – have a properly thought out ‘Leavers Form’ and make sure you follow it through in a timely manner. It should be a checklist of all the loose ends you need to tie up when somebody leaves. Yes – make sure you get the office keys and car keys off them, but also make sure:
- they return any company-owned electronic devices;
- any company data is deleted from electronic devices they own like their personal mobile phone;
- that their access rights to company systems are removed;
- access to ancillary systems such as the website, social media accounts is revoked
Managing leavers diligently is critical, but there are also easy things that can be done to protect your digital assets during the time people are employed. Returning to the Wi-Fi example above, ensure the distribution of the wireless key giving access to company data is as limited as possible. Read more here on sensible steps to secure your office Wi-Fi
The systems they needed to access in their previous role may no longer be appropriate in their new role
Another good tip is to periodically review system access rights for all employees. Organisations evolve constantly and existing staff move jobs as part of this evolution. The systems they needed to access in their previous role may no longer be appropriate in their new role. Just because someone can have access doesn’t mean they should have access. Read more here on the importance of striking the right balance between ease of use and security
If you could benefit from an objective audit of any potential loopholes in the protection of your digital assets by EasylifeIT™ Director, contact us today on 0800 043 9186 or email firstname.lastname@example.org
First published in April 2017
For even more questions answered visit our Learning Centre
James is an experienced and versatile business professional who has worked across multiple sectors. He provides complementary skills to executive teams, advising across a range of disciplines including IT strategy, business continuity planning and IT project management.
James is an accredited Cyber Essentials consultant