Rapid IT Offboarding: What to Do When a Disgruntled Employee Suddenly Walks Out The Door
Employees are trusted members of the team. You give them logins and access so that they can help maintain the digital structure of your company and defend against cybersecurity threats. But what happened when one of those trusted team members leaves on unfriendly terms? We see it in the news every few years; Disgruntled employee leaves company and causes cybersecurity fiasco.
Most often, breaches caused by unhappy or exiting employees are limited to vicious email chains and social media account hacks. But sometimes, the risk is much higher and a suddenly no-longer-onboard employee will spearhead an insider attack. Employees have been known to steal client lists or viciously delete precious files. With all the right logins, it is possible for just one disgruntled employee to either leave your cybersecurity gates open or wreak a swath of digital destruction in their wake.
What is the right approach to handling an unhappy employee who suddenly walks out the door? The cybersecurity process you need is called digital off-boarding. Here’s the how and why to digitally offboard every employee as they go.
The Angry Employee
One angry employee can be a real threat to your company given even one extra day of access to your networks. Some only need a few minutes after the decision is made to leave the company. A disgruntled cybersecurity attack can happen when employees have real grievances or if they are taking simple business decisions to an unhealthy personal level. They can even happen when employees seem to leave on good terms, if they harbored some negativity that never appeared on the surface. You never know when a departing employee, especially one who quits or is laid off, may choose to strike through their authorized access.
Digital Authorization to Offboard
- Company Email
- Authorized Logins
- Company Credit Cards and Financial Accounts
- Company Cloud Platforms
- Shared Documents and Project Files
- Clients and Partner Accounts and Contact Information
- Access to Infrastructure
- Company Equipment and Vehicles
- Company Social Media Account
An angry employee who still has access to any one of these typical logins and privileges can sabotage the company on their way out or even months after they leave and find a new job elsewhere.
Onboarding and Offboarding from an IT Perspective
When a new employee is hired, HR and IT are the most involved in getting them started in the role. HR processes the paperwork and arranges the benefits while IT sets up the workstation, laptop, employee email address, logins, and platform access each new hire will need to do their job. Onboarding from an IT perspective is mostly setting everyone up with about a dozen company logins per person and team.
The employee’s activity can then be monitored by the where and when of their logins and account contributions.
When an employee leaves the company, every single one of those authorized logins, shared documents, and inclusion lists must be removed from the ex-employee’s access. This is a natural, practical, and technical truth of offboarding. It is also essential for cybersecurity and the general stability of your digital infrastructure.
Why Off-Boarding is Necessary for Every Employee Turnover
When an employee is not properly off-boarded, their login stays active without anyone monitoring the account. This is like a vacant house on an unlit street – it’s just asking for trouble. If a hacker steals their password from a darknet sweep and gains access, this ’empty’ account is now the access point for malicious activity inside your company’s secured network. If the exiting employee is angry, they can use this access to cause trouble long after they leave, or even sell their access to hackers to cause problems for you.
Off-boarding is not just defensive, it’s a necessary digital housekeeping task that should be performed every time an employee leaves the team (or even when they change teams internally) to ensure there are no phantom logins in the system waiting to be exploited.
What Goes Into Off-Boarding an Exiting Employee?
- Disable Employee Email
- Remove Employee from CRM Login
- Remove Authorization to View or Edit Company Files
- Disable Employee’s Remote Access
- Disconnect Employee from Social Media
- Change Passwords Possibly Known by Employee
- Audit Network for Spyware
Emergency Offboarding an Angry Employee As They Leave
Let’s say you have a disgruntled employee who just quit and stormed out the door. Or you had to lay someone off and they blew their lid in response. What now? Normally, you would give a team member a few days or weeks to collect their emails and wrap up their work files. But when you fear there is cyber-revenge in the air, your HR and IT teams will need to move fast to quickly off-board the exiting employee and quarantine their accounts in case of imminent foul play.
Immediately Disable Communication
Start by stopping all communication. The most common disgruntled salvo is to send an embarrassing or rant-filled final blaster email to the staff, customers, or business partners. Make sure that blaster email does not go out by freezing the company email address, Slack account, and any other communication portals where this employee has an account.
Freeze, Then Deactivate, CRM and other Platform Accounts
Freeze their account activity for any critical platforms like your CRM and project collaboration software. Do not let them reach your clients or harvest client information to poach or sell. Once the account is frozen, you have time to dismantle the employee’s accounts and logins.
Change All Passwords the Employee May Have Known – Especially Social Media
Change all team passwords and passwords that may have been known to the employee. Consider teams and systems they work with regularly. This is especially important if they had access to the company social media account, as this is where PR crises come from. Change the financial passwords, the team file passwords, the router password – everything.
Remove Employee’s Name from All Document Authorization Lists
Remove their access to company files by filtering their name from all document auth lists. Instead of looking for every document they had access to, remove their account from inclusion in any group or from any individualized auth list. This protects access to proprietary files and ensures they can make no final disastrous edits or thefts.
Offboarding Employees Who Leave on Good Terms
What if you have an employee leaving on good terms? They’ve had a good time but found a better opportunity. Theyv’e given notice and are saying their goodbyes. You still need to perform an offboarding, but don’t have to rush into emergency damage-control conditions.
Use the notice period to ask your employee to wrap up their files and emails, if possible, or give them up to one week after departure to do so remotely. Change passwords and remove their account access to documents and the CRM as soon as it will not interfere with their own self-offbording procedures. Your departing employee should have all their permissions and access removed no later than one week after leaving and, ideally, on their official last day. This cleanly ensures that they leave no unoccupied logins to become a security gap in the system later on.
Does your business need a reliable IT partner to handle the everyday and emergency cybersecurity procedures? We have the expertise and tech experts you need to keep your team on the cutting-edge of digital access and your cybersecurity tight as a drum – even when an employee leaves angry. Contact us today to consult on your company’s managed IT needs.