Employees will come and go in any organisation, so it helps to have an employee exit IT security checklist to make sure that there are no gaps in your defences after they leave. If an employee leaves, here's what you need to do.
1. Revoke access to email
You should immediately revoke access to all email addresses associated with that employee. They have left the company and should no longer have the ability to speak for it.
2. Set up auto-forward emails
To ensure that no important email goes unread in an inactive inbox, set up auto-forwarding and/or out-of-office replies once the employee has left. For client communication in particular, make sure that you specify who their new contact will be.
3. Take back company devices
From mobile phones and laptops to flash drives, any device issued to an employee by the company should be returned before they leave.
4. Revoke access to all systems
You should update any internal system the employee no longer needs access to at the end of their last day.
5. Ensure handover of online documents
It’s best practice to have employees store any online documents in a shared company folder that you keep control over, using business tools such as OneDrive. If an employee stores their files in a separate folder or on a personal computer, make sure everything is transferred and delete the originals.
6. Change company-wide passwords
You should change any password shared with multiple members of staff when an employee leaves.
7. Change company card PINs
If the employee had use of company credit cards, be sure to change the PINs.
8. Inform your IT security team
If the employee is leaving on bad terms it’s better to be safe than sorry. Let your IT security team know if you expect any trouble so they can take necessary precautions.
Make it a clean break
Whether the goodbye is amicable or not, you can’t be lax with employee exit procedure. It’s best to cover all your bases than to miss something seemingly small and have a data breach on your hands. So follow this employee exit IT security checklist and make it a clean, risk-free break.
(This post is an updated version, first published on 3 December 2018)