Firing an Employee? Don’t Forget About Removing Their Access
As someone who has owned his own IT support and technology services company for a long time, I’ve unfortunately had to let go my fair share of employees over the years. Even if the employee in question is a legitimately poor fit for a company, it’s something that no business professional actually looks forward to.
Recently, one of my clients came to me with an urgent request and right away, I knew something was up. He made contact outside of our regular communications channels and, in hushed tones, he pulled back the curtain and revealed what was going on:
He was firing Janet on Friday, and he wanted to make sure that her network and systems access would be shut off at exactly the right time.
That’s the other part of firing employees that people don’t think about until it’s too late. Telling someone they no longer have a job is already bad enough, and adding the IT layer on top of it all makes things that much harder.
If you have your own internal IT team, you need to coordinate with them in advance. That means Jim from IT knows that Janet is getting fired before she does. If Jim and Janet go out to lunch every Friday afternoon like clockwork, that puts him in a potentially awkward situation that all parties would want to avoid.
But at the same time, the IT side of this process is critical. According to a number of recent studies, the vast majority of cyber attacks are essentially inside jobs. Either an employee you’re letting go takes proprietary information with them, or you fail to remove their access and suddenly you have a vulnerability on your hands that you might not even know exists.
So how do you make this process as straightforward as possible, all during a naturally stressful time? Luckily, it’s a lot easier than you might think.
Your Guide to Revoking Employee Access
At InsideOut Networking, we handle this very situation for our clients on a regular basis. At this point, we have things down to a science:
- First, we discuss the situation with you in as much detail as possible. This puts us in a position to revoke access at exactly the right moment – usually while the employee in question is in your office learning about their termination.
- Critically, we identify all of the accounts that this person has access to well in advance. This could not be more important, as it lets us identify the true scope of that employee’s credentials.
- At the predetermined time, we freeze access to everything previously identified.Once we’ve made sure that there is an adequate archival process in place, we begin discussions with the people who need access to this “frozen” information in order to do their jobs.
- We make sure to get that data into the hands of the right people.
- We also make an archive of all the employee’s files, emails, and other documents in a secure way – meaning that nobody has access to it except for us.
Yes, this is all a bit more complicated than just flipping off a light switch. But if you don’t take these steps at exactly the right time, who knows what the fired employee might do?
Again, a massive 60% of all cyber attacks were perpetrated by company insiders in 2015. If Janet is truly upset about her firing and wants to take it out on you by stealing intellectual property, there’s very little standing in her way if you don’t immediately revoke her access.
Likewise, about 15.5% of all “insider attacks” were accidental according to the same study. Say Janet doesn’t want to hurt you at all… but you also forget to remove access from the personal smartphone she’s been using to do her job for years.
Then, Janet leaves that smartphone behind in the back of a taxi cab. Suddenly, whoever finds it has a backdoor into your entire infrastructure – all because you didn’t revoke Janet’s access when you should have.
But the good news is this can all be avoided with a little proactive action ahead of time.
Don’t Let Employee Access Misuse Harm Your Business
The above process is how we handle revoking employee access not only when we have to unfortunately let someone go at InsideOut Networking, but for all of our clients who find themselves in the same scenario. Firing someone is already stressful and difficult – you don’t need to add IT on top of things, making the situation that much more complex.
If all of this sounds like too much to deal with on the day that you’re firing someone, don’t worry. We’re here to help. Feel free to contact either myself or a colleague at InsideOut Networking so that we can make sure employee access is something that you don’t have to spend time worrying about any longer.
I’m Dave Goodenough. I started InsideOut Networking in 2004 with the idea that if we could cut through all the jargon and tech speak and just have real conversations about computers and technology, we could help a lot of people out and develop long-term relationships with our clients.
Today, we have over 2,500 clients who trust us to make sure their computers are always up to date and protected from security threats, allowing them to do exactly what they need.