Blog

How To Protect Your Data When Terminating An Employee [Checklist]

Written by Sarah Leitner | January 28, 2016 2:25:06 PM Z

 One of the hardest challenges faced by any company is terminating employees. While this is a difficult task, there are some critical steps to take to safeguard your company property and knowledge – and timing is everything.

A terminated employee getting access to company systems can be a huge liability risk, so it’s essential that access is turned off at the right time. Let your IT company (or IT department) know ahead of time – and specifically, what time the access needs to be turned off.

This gives them a little time to prepare and prevents awkward – and potentially risky – situations. If access is not disabled soon enough, you run the risk of the terminated employee getting access to company systems after they’ve been let go.

If access it turned off too soon, the employee may try to access their normal systems before they’ve been terminated and figure out what’s going on when they can’t get to them.

Here’s a checklist of actions you and your IT team will need to take to ensure your company’s data remains safe (please note, this is only from a technology standpoint – your HR team will need to take additional action):

  • Disable and change all passwords for Windows Domain accounts
  • Disable email access.
  • Remove access from any 3rd Party applications (whether they’re on-premises or in the cloud)
  • Change password or remove access from websites with company information
  • Change password or remove access from any applications or website that publish as the company or clients (like a company Twitter account)
  • Remove VPN access.
  • Remove building access including any key card access to doors. If you’re building uses door codes, disabled or change their code.
  • Remove access to any tokens issued for access to applications (like two-factor authentication apps)
  • Wipe company information from any employee-owned devices that were used to access company data (even if your company doesn’t have a Bring Your Own Device policy, it’s likely they still used a cell phone to access email). If you don’t already have a mobile device policy in place, you need to get one in place now.
  • Account for all Company owned equipment owned by the company with an inventory sheet.
  • Account for software licenses designated for use by the employee and redistribute as needed.

This list certainly isn’t everything. That’ll change based on your company and the employee being terminated. The longer an employee has been there, or the more access they have, the more you’ll need to do.

It may feel weird to let your IT team know an employee is being terminated before the actual employee – but it’s a necessary step to keep your company’s data safe.

Our friends at Propel HR have written more about this one their blog and why timing is so critical from an HR perspective. You can read their post on their blog.