Offboarding an Employee? Follow These Steps to Prevent a Data Breach.

Just a few weeks ago, MetroHealth, a Cleveland-based healthcare system, reported a large-scale data breach spanning over fifteen years, in which an employee had ample access to sensitive information. While the case is ongoing, it highlights the importance of evaluating employee data access, as well as the high risks that come with a poor offboarding system.

To accomplish their tasks, current employees need access to critical data; after termination, that access must be revoked without disrupting productivity. Nevertheless, an estimated 71% of businesses have no formal offboarding or decommissioning system for their data. Research estimates that up to 50% of former employee accounts remain accessible after termination, usually compromising:

  • Passwords to software, communication channels, and social media accounts
  • Intellectual property and trade secrets
  • Customer contact lists and payment information
  • Personally identifiable information (PII)

If devices aren’t properly decommissioned and access parameters updated, the accounts of terminated employees become security gaps that threat actors can exploit. Moreover, if data security policies aren’t clear, former employees themselves may share sensitive data, whether accidentally or on purpose, further compromising business continuity after they’ve left an organization.

What Should Offboarding Look Like?

When offboarding an employee, IT specialists recommend taking immediate action and quickly decommissioning accounts to avoid leaving rogue entry points open. While organizations may differ in their exit policies, consider taking the following steps:

  1. Remove access to new programs and accounts.
  2. Notify your IT team of upcoming offboarding events.
  3. Ensure the offboarding employee is aware of your data security policy.
  4. Disable the user’s account within 30 days after termination.
  5. Revoke remote access credentials for cloud-based systems and emails.
  6. Change passwords to previously shared tools.
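
The reconciliation behind steps 4 to 6, as an added example that is not part of the original article: it compares an HR termination list with an account export and flags anything still enabled for departed staff. The CSV columns, sample rows and action labels are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports; column names and rows are assumptions.
HR_TERMINATIONS = """employee_id,termination_date
e100,2024-01-10
e101,2024-03-01
e102,2024-03-20
"""

# One row per (account, person with access). shared=true means a shared login.
ACCOUNTS = """account,employee_id,system,enabled,shared
jdoe,e100,email,true,false
jdoe-vpn,e100,vpn,false,false
asmith,e101,email,true,false
social-media,e101,social,true,true
bkhan,e102,email,false,false
mlee,e200,email,true,false
"""

DISABLE_WINDOW_DAYS = 30  # the 30-day limit from step 4


def audit(hr_csv, accounts_csv, today):
    """Return (account, system, days_since_exit, action), oldest exit first."""
    terminated = {r["employee_id"]: date.fromisoformat(r["termination_date"])
                  for r in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        left_on = terminated.get(acct["employee_id"])
        if left_on is None or left_on > today:
            continue  # current employee, or termination still in the future
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to do
        days = (today - left_on).days
        if acct["shared"].strip().lower() == "true":
            action = "rotate-shared-password"  # step 6: cannot simply disable
        elif days > DISABLE_WINDOW_DAYS:
            action = "disable-overdue"         # past the step 4 window
        else:
            action = "disable-pending"
        findings.append((acct["account"], acct["system"], days, action))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for row in audit(HR_TERMINATIONS, ACCOUNTS, date(2024, 3, 25)):
        print(*row, sep="\t")
```

Running it on a schedule against real exports turns the checklist into a recurring control instead of a one-time task at exit.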

Ongoing Asset Monitoring Helps

In a world where labor turnover rates fluctuate month by month, businesses cannot afford to implement a decommissioning strategy at the last minute. One way to ease decommissioning stress is by keeping up with an asset inventory plan alongside a managed service provider. As new devices and users enter your team, register the identifiers below to monitor data transactions:

  • Device type – Such as tablet, laptop, smartphone, etc.
  • Associated IP address – Note in-office and remote data usage.
  • Manufacturer name – Communication with OEMs helps track available system updates.
  • Device model numbers – Track which editions and generations have been deployed.
  • Processor and memory capabilities – See what is being stored in your devices.
  • Storage capabilities – See what’s being stored in shared accounts.

76% of IT leaders cite offboarding as a significant security threat. However, it is only natural that teams evolve over time. In addition to offboarding, system expansion presents similar issues, as users may have to relocate and update user information. Consequently, a careful decommissioning process is essential to securing business continuity amidst change, whether good or bad. To learn more about how you can structure your decommissioning process, contact our team for an evaluation of your current steps.
