Always a tough topic but a question we are often asked by our clients is “What do we do when a staff member leaves?”
If you have been in business for a long time you will understand that no matter how good the environment, conditions or how well you look after your staff sooner or later they will move on.
Be that for retirement, moving to a different city, career progression, career change or having won the lotto.
So after the going away drinks, pat on the back of gratitude and wishing them the best for the future that is where our obligations end, right? Wrong!
When a staff member leaves it is imperative that your company takes appropriate action and ensures that access to company resources are secured correctly. This is especially true if your employee parts ways on bad terms.
Let’s look at some of the IT processes that need to take place when a staff member leaves and the potential impact of not doing this correctly.
The lead up In the days or weeks leading up remind the exiting staff member of their responsibilities and advise they will need to return all company property and equipment at a set date and time (usually the end of shift on their last day or exit interview).
Actioning this early gives the staff member sufficient time to ensure everything is ready to be returned and allows them time to take any personal files off the devices prior.
Equipment to be return
USB & Storage devices
Power adaptors so on
Identification and Access devices to be returned
Swipe Cards or Smart Cards
Bank Cards or Credit cards
Company branded clothing (not always essential unless your company is of a very sensitive or highly regulated/profiled i.e. Police, Hospital, Security so on)
*** If using Apple devices make sure that iCloud and Find my Device is signed out and turned off prior. If your staff member has signed in and you don’t know the password you will not be able to erase or restore this device, if you are using a correctly configured Mobile Device Management this is not necessary ***
Reset Passwords, Sign out and Disable Accounts This is an absolute must and should be actioned immediately upon exit. The reason this is so important is that even if you part ways on good terms that user’s account remains accessible and company data may be used, distributed, stolen or compromised.
The ordering in which you carry out this process is also important depending on your environment. If your company uses Office 365 or Microsoft Exchange you should
Initiate sign out of devices
Doing this means that all active sessions are closed and access to resources is removed.
If the user had access to a shared account or service account then this should be changed too.
Backup Data, Isolate and Erase/Factory Restore Devices Upon receiving returned equipment the following steps should be taken
Check if non-company data encryption has been turned on
Backup or copy any company data from the device this includes files, email archives, contacts, software licenses so on
Isolate from the network & internet
Erase or restore to factory settings **
Erasing the device is not always necessary however, it is an easy way to protect against potential unauthorised remote access.
Experience shows that often users install software that allows them remote access to the device to do work. When a staff member leaves this needs to be removed and unless you have IT staff who can go through with a fine tooth comb the easiest way is to erase or factory restore the devices.
Retrieve Data or Passwords not stored on company resources It is usually a while before needed but there will inevitably be something that pops up that either wasn’t documented or not correctly stored on company resources. Prior to their final day ask the exiting team member if they have created service accounts or have stored important data on any device outside of what you have provided.
Redirect incoming emails & notify critical contacts Self-explanatory but often overlooked, always redirect the email from your exiting team member through to their replacement.
If no replacement has been appointed then add an auto responder advising that xyz employee is no longer with your company and communications should be directed to abc employee.
If your business deals in highly confidential data then it may be worth advising affected customers of the departure of xyz staff member and the effective date. This avoids any potential security or privacy breaches due to contact not going through company channels.
Print or provide final pay slips and contact details Your accounting/HR team will likely handle this; however, it is good to check that you have the exiting staff member’s contact details so that you can provide them with Pay slips or any company correspondence required.
Other non-tech considerations
Exit interviews & questionnaires
Take future contact details of exiting staff member should you need to contact them
Wish them well for the future and thank them for their work throughout employment
It is never an easy process when someone leaves especially if they have been a valued team member. With the correct processes in place, it should minimise the stress.
Runtime Consulting has the experience and expertise to help your organisation put the correct processes in place to protect your business and allow for minimal disruption.