Written by Craig Lurey
Ending a business relationship with an employee can be daunting, especially if things end on bad terms. Offboarding is critical to ensure that any disgruntled former employees do not expose company information. There have been cases in the past where former employees are the cause of massive data breaches.
Some data breaches are intentional, like when a former CIA employee was convicted for carrying out the largest data leak in the agency’s history.
Other breaches are unintentional, like when a City of Calgary staffer accidentally sent an email to an employee of another Alberta municipality. The email contained personal and confidential information of 3,716 municipal employees—resulting in a $92.9 million class action lawsuit for allegedly breaching the privacy rights of thousands of employees of the City of Calgary.
An offboarding process is necessary to prevent these security breaches from happening to your organization.
Employee offboarding is a process that takes place following an employee’s separation from the company. This is a necessary step to ensure their work is transitioned to other employees and so that potential vulnerabilities that can expose the organization to cyberthreats are prevented.
The offboarding process can include:
The purpose of the offboarding procedure is to create a clean break from the former employee and tie up any loose ends. Plus, feedback from the ex-employee can be beneficial in improving the company for the current and future team.
Some of the benefits of having an offboarding process include:
There are several steps to consider during the offboarding process. Follow the general guidelines below when offboarding an employee at your company.
The offboarding process is basically the opposite of the onboarding process. A proper onboarding process will make the offboarding process more efficient since it will allow you to gather information to help with offboarding later.
When a new member joins the team, create an employee offboarding checklist. Keep track and record all digital and physical assets associated with each employee. Ask yourself:
Take note of their responsibilities and equipment, as this will help with the offboarding process in the future.
Retrieve company equipment such as laptops, security passes, USBs, IDs, hard drives and other assets. A single forgotten thumb drive containing sensitive data can fall into the wrong hands and result in a data breach.
After recovering all physical assets, organizations must also revoke the employee’s online access. Shutting down accounts includes:
Monitor the user’s activity during the last couple of weeks to their final day to ensure that the employee has not duplicated any files to their personal computer. Set policies in place to prevent email forwarding.
Keeper makes the offboarding process easier with features such as role-based access controls and delegated administration. When an employee leaves your company, you can easily transfer their vault to another user so that credentials aren’t lost but the ex-employee cannot access their vault anymore.
Take a look at our documentation portal to learn more about Keeper’s admin controls and how we make onboarding and offboarding easier for you and your employees.
Improper offboarding processes can open the doors to a cybercrime. An employee who leaves your company on bad terms may seek revenge and intentionally cause a data breach that can put everyone in your business at risk.
On the other hand, even if an employee ends a business relationship on good terms, an improper offboarding process can still put your team and customer data at risk. For example, if a company does not change passwords to the shared account, an ex-employee could possibly log into this shared account on their personal computer at home. If the ex-employee does not practice good cyber hygiene, they put the company account at risk.
The offboarding process is a shared responsibility between the Human Resource team and the direct manager. Human resources (HR) provides the necessary paperwork and legal processes. The manager should work alongside HR to help with the employee’s transition out of the company since the manager should better understand the employee’s responsibilities.
Depending on the size of the company, the IT team may be involved as well to ensure equipment is returned and access to company accounts and information is revoked.
You May Also Like
Storing your bank passwords in a password manager is the safest way to store them without putting them at risk of becoming compromised. When targeting online accounts, cybercriminals often target those that are most valuable, which...
Choose Language