Article Read Time
What’s offboarding, and what does it have to do with cyber security best practices for human resources?
When someone leaves your organization, hopefully, it is on good terms. However, sometimes it’s just better for you if they leave. Maybe the decision to depart was one-sided.
Regardless of the circumstances, whether it is a bittersweet or unpleasant departure, your IT team should ensure that their access to ALL networks and email is turned off. IMMEDIATELY!
During recent First Friday Cyber Security Breakfasts, a number of participants said that they had issues with former employees still having active usernames and passwords to critical functions of their organizations.
This may sound easy, like it’s just a matter of clicking one switch. In some cases, it may be. But in most cases, it’s not that easy. Most of us have access to many different applications. This is a perfect example of why it is critical to maintain an updated inventory of all equipment, emails, software, applications, etc.
First, make sure you recover all devices assigned to them, whether internal or mobile, that could be taken home or on the road. These should be inventoried so you can easily ensure you don’t forget anything.
Next, revoke access from all methods that they could use to log in remotely. This may include VPN, remote desktop, or other remote tools. This is how the Oldsmar Water Company hack happened in Florida a few days before the Super Bowl a few years ago (and a few miles from the stadium!).
While you may be tempted to shut off their email, it may be better to forward their emails to another employee for a period of time. Change their password so they can no longer access the account, but don’t turn it off completely until you know that any work that they were in the middle of has been completed or transitioned to another employee.
This is also why you should never let employees use their personal email for company work!
If the employee shared a username/password for an application with other employees, be sure to change the password. Next, ask someone to smack you for allowing that practice, then give everyone their own access!
These are just some things you should do when an employee leaves. Other tasks may include retrieving office keys, disabling access cards, retrieving company identification cards, and changing locks or combinations.
The onboarding process usually receives the most attention because it provides your employees with the tools they need to do their jobs. And you typically have the employee or their supervisor nagging you to get those things done. Whereas offboarding doesn’t seem as urgent, it is dangerous if not done thoroughly and promptly.
Cyber security best practices for human resources start wth keeping a good inventory of your networks, devices, and access points. And develop a Cyber Security Best Practices for Human Resources checklist so that when someone leaves, you know exactly what to do before it’s too late.
Do you prioritize your organization’s safety and security? Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.