Owning a business comes with many responsibilities. One responsibility that must be taken seriously, or you will surely suffer consequences, is how you handle an employee leaving. An employee's departure involves many tasks, of course, including but not limited to:
- Printing their last paycheck
- Finding someone to cover their duties
- Recovering any physical keys or access passes
- Starting the hiring process or training existing staff
- And so much more!
How about all the technology accounts they have access to? Unfortunately, this is one area where many business owners fall short, yet it can be one of the most important areas to manage. Over time, employees often end up with access to many more accounts than they started with, and these accounts often go undocumented. Unlike a physical location, which rarely changes, technology changes far more frequently, so it can be more challenging to keep up.
From new software to cloud-based applications, accounts accumulate over time. The longer an employee works within your business, the greater the number of accounts they likely have had access to. This post covers 3 different types of accounts and access you need to consider when an employee leaves your business.
Technology Checklist for When Employees Leave Your Business
There are 3 main categories of accounts and access to consider when an employee leaves. They are:
- User accounts
- External accounts
- Personal devices
User accounts can include a wide variety of accounts. They can consist of:
- Network accounts, or accounts used by employees to log onto a device
- Email accounts
- Voicemail accounts for phone extensions or call group memberships
- Specialty or third-party applications critical to your business
- Productivity applications like Slack, Office 365, Adobe and others
- Social media and marketing accounts
- And more
It is important to cut off employee access to accounts on their last day of employment. This prevents them from accessing company email when they are no longer an employee. It can also prevent them from reaching out to your clients and pretending to still be an employee at your business. Lastly, it helps protect your reputation by keeping non-employees from misrepresenting your business on social media and marketing accounts.
In reality, there are endless ways an employee retaining access to accounts at your business can hurt your business. Misuse of accounts can cause loss in productivity, lower morale, damage your business reputation, and worst of all - waste your time and energy. As a business owner, your time is one of your most valuable assets.
Removing employee access to accounts on their last working day is the most important thing you can do to protect your business technology accounts. While it may seem tedious or overwhelming when you are also dealing with the loss of an employee, losing control of your reputation or having sensitive information released to the public is far more costly. These are the reasons why it is absolutely necessary to take the time to shut down account access when an employee leaves.
Keep in mind that not all accounts need to be shut down or disabled. If someone has been in an important position for a long time, it probably makes more sense to change the password to their email or other critical accounts. Changing the password blocks their access to the account without causing any loss or damage to your business. Handle each account individually: decide whether it is better to change the password, disable the account, or remove it altogether, rather than applying one standard response to all accounts as if they were the same.
External accounts come in a wide variety of types and are often the easiest to forget. They are often overlooked, though they can be far more important to the daily operations of your business than user accounts. Unlike individual user accounts, external accounts are often accessed with a single set of credentials that is shared out of necessity. They also typically manage critical pieces of your business, and maintaining control of them is required for business continuity.
Some examples of external accounts are:
- Websites and domain registration accounts
- Cloud backup and cloud storage accounts
- Office 365 admin accounts
- Cloud-based management accounts for hardware such as firewalls, switches and access points
- And more
Administrative business accounts like these often have a single set of credentials. This means that as staff change, the credentials get passed around while the passwords are rarely changed. Failing to change these passwords threatens the security of the accounts. If this is left unchecked, ex-employees could gain access later and cause all sorts of damage.
It is important to track who has access to external accounts. When an employee with access leaves, change the password and re-assess who else needs access before sharing the new password with other staff. It is critical not to reuse an old password as the new password. Reusing passwords puts accounts at risk from someone no longer employed with you.
Personal devices introduce access that can be one of the trickiest challenges any business owner faces. Almost every employee brings their smartphone to work. Others bring tablets or other devices that are often connected to your internal network. Even worse, employees may work from home without any guidelines or restrictions on how this should be done.
Some things to consider for employees working from home are:
- Are they storing customer data on their personal device? Is any of it personal information that needs to be protected? If so, is their device encrypted in case something happens to it?
- Are they connecting remotely to business servers? If so, are they using a VPN to connect?
- Does their personal device have endpoint protection and a firewall enabled?
These are a few things to consider when employees use personal devices while working for your business. Anytime an employee adds a personal device to your network, or connects remotely to a server, their device introduces potential threats. If they do not have endpoint protection, their device could cause problems on your network or to your business data.
It is important to set policies intended to protect your investments, including your client data. Discuss these policies with employees so they understand what is acceptable use of your network. Lastly, periodically check to make sure these rules are being followed and enforced.
Employees help free you up to run your business. Without them, it is easy to get bogged down in the day-to-day activities that keep you working for your business rather than on your business. A balance between these two is vital to the health of any business. However, while they can take on a great deal of burden, employees also introduce risks. This is especially true when they leave. When employees leave, it is important to evaluate what user accounts, external accounts and personal devices they used so you can manage the access they once had.
As always, protecting your business can be challenging, and technology is always changing, but staying on top of these accounts will protect your business investment and reputation!