Skip to main content
Computer with a hand on its keyboard next to a coffee cup and smart phone. An employee offboarding from their company.

Offboarding employees can be a difficult task for businesses, and one mistake can lead to a wide range of problems for operations depending on that employee’s responsibilities. This makes offboarding a critical task to get right, and businesses often make a few key mistakes that lead to operations difficulties or cybersecurity vulnerabilities for the business. A company wants to balance restricting access to the employee account while important data is transferred and ensuring all permissions and resources are properly handled before user accounts are shut down for good. In this article, we want to go over some common cybersecurity mistakes businesses make when they offboard employees.

Deleting Accounts Too Soon

When an employee’s business account is deleted, its assets and data become inaccessible to the business. To prevent losing important data, the company’s IT department or consultant should restrict access to the account so that the former employee cannot recover access, but the account must remain active until other critical offboarding steps are complete. It is recommended to establish offboarding policies and procedures that allow team members to access and transfer important data or permissions before an account gets deleted. IT staff will generally want to wait until other departments have verified the handoff of important assets and delete former employee accounts as one of the last steps in the offboarding process.

Failing to Secure Business Resources

Once IT restricts access to a former employee’s account, the business owner or the team manager should identify important resources needed from the account. This can include the credentials for administrative or social media accounts, custom-made applications, and source documents for company projects. IT staff should do their best to identify the services and applications the employee used – even if they were not explicitly sanctioned by the business – because third party accounts that are not shutdown properly can be an easy target for hackers. Overall, a thorough investigation should be done to ensure no important data or resources will be lost when IT deletes the user account.

Improper Permissions Handoff

Offboarding an employee requires reaching out to the other stakeholders in their work and ensuring permissions are handed off appropriately to avoid operation disruptions. Team managers and fellow employees that worked closely with the offboarding user should be contacted to verify that the right team members have the application and database permissions they need. If an employee’s account is deleted before administrative permissions or data ownership can be handed off, then project teams may face challenges working with tools the former employee heavily participated in. Any assets unique to projects the departing employee worked on should also be checked for access and administrative privilege handoffs.

Summary

An employee leaving a company creates a chain of events that can lead to many cybersecurity risks or disruptions to operations. By planning out the offboarding process before account deletion, knowing what data needs to be recovered from the employee, and getting the right people involved during offboarding, a company be more prepared to continue operating securely. If your business needs help preparing policies and best practices for offboarding employees from the company’s technology, then an IT consultant can help your business better ensure a former employee’s accounts won’t become a possible vulnerability!

Robinett Consulting

Author Robinett Consulting

At Robinett Consulting, we are your consultative partner who strives to grow your business and have technology truly enabling you. We aim to understand you and your business so that you do what you do best unhindered by your IT.

More posts by Robinett Consulting