
Cybersecurity Checklist for Securely Offboarding Staff Members

Written by Corey Belanger | Nov 10, 2022 4:26:39 PM

Many companies project sustained growth in hiring and retention, but massive layoffs and employee departures are inevitable. Departing employees introduce risks such as leaving with critical company data or retaining access to work accounts long after they have left, which exposes organizations to data loss, identity theft, and unauthorized access to proprietary information. Despite this, many companies handle employee off-boarding poorly, especially where cybersecurity is concerned. Understanding the cybersecurity risks of poor off-boarding, the best practices, and the checklist items to work through for departing employees helps companies retain a robust cybersecurity posture once employees leave.

Read our blog post about how to securely onboard new team members.

 

Cybersecurity Checklist for Off-Boarding Staff Members

Every business should foster a cyber-secure environment from the moment a new employee signs the offer letter until the day they leave the organization. A cybersecurity off-boarding process helps ensure organizational compliance with cybersecurity requirements and minimizes the risk of departing employees keeping access they no longer need, which can compromise data and critical systems.

Such a checklist should include:

Perform an exit interview focused on key security procedures 

  • Discuss the company-issued devices in the employee’s possession
  • Take note of all company account/network/VPN access privileges 
  • Get contact information in case the employee is required for further off-boarding reasons

Has the departing employee returned company-issued devices? 

  • Prevent unauthorized access to data processed/stored in the devices 
  • Preserve the integrity and confidentiality of company-owned devices and data

Have the departing employee’s access rights been revoked?

  • Deprovision access to corporate accounts 
  • Disable access to the corporate networks 
  • Disable all role-based and least privilege access rights associated with the employee

Disable all potential data exfiltration options 

  • Disable the employee’s access to email accounts and forwarding processes
  • Disable employee’s file sharing option, e.g., O365 and SharePoint 

Are employees’ passwords still active?

  • Reset all shared passwords
  • Reset employee’s passwords for accessing cloud accounts 
  • Reset passwords to email accounts and corporate applications like CRM

Perform a security audit before the employee leaves the building 

  • Employee activity monitoring to detect copying or download of a high volume of data a few days before the employee leaves 
  • Monitor network activities to uncover suspicious resource usage

Disable company-issued employee contact information 

  • Redirect email communications to a new email address
  • Redirect phone communications to a new number 
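
The checklist above can be partly verified by script once HR, identity, and asset records are exported. The following is an added example, not part of the original post: it cross-checks a leaver list against account, device, and shared-password inventories and reports every item still open. All field names and records are constructed assumptions, not a real HR or identity-provider schema.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a real IdP/HR export schema.
LEAVERS = {"jdoe": date(2022, 11, 4), "asmith": date(2022, 11, 8)}  # user -> last day
ACCOUNTS = [
    {"user": "jdoe", "system": "email", "enabled": False, "forward_to": "jdoe@personal.example"},
    {"user": "jdoe", "system": "vpn", "enabled": True, "forward_to": None},
    {"user": "asmith", "system": "email", "enabled": False, "forward_to": None},
    {"user": "asmith", "system": "crm", "enabled": False, "forward_to": None},
    {"user": "bwong", "system": "vpn", "enabled": True, "forward_to": None},  # current staff
]
DEVICES = [
    {"asset": "LT-0141", "assigned_to": "jdoe", "returned": True},
    {"asset": "PH-0077", "assigned_to": "asmith", "returned": False},
]
SHARED_SECRETS = [
    {"name": "social-media-admin", "known_by": {"jdoe", "bwong"}, "last_rotated": date(2022, 9, 1)},
    {"name": "wifi-guest", "known_by": {"asmith"}, "last_rotated": date(2022, 11, 9)},
]

def audit_offboarding(leavers, accounts, devices, shared_secrets):
    """Return sorted (user, finding) pairs for every unfinished checklist item."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user not in leavers:
            continue
        if acct["enabled"]:
            findings.append((user, f"{acct['system']} account still enabled"))
        # A disabled mailbox can still leak mail if a forwarding rule survives.
        if acct["forward_to"]:
            findings.append((user, f"{acct['system']} forwards to {acct['forward_to']}"))
    for dev in devices:
        if dev["assigned_to"] in leavers and not dev["returned"]:
            findings.append((dev["assigned_to"], f"device {dev['asset']} not returned"))
    for secret in shared_secrets:
        for user in leavers.keys() & secret["known_by"]:
            # Rotation only counts if it happened on or after the departure date.
            if secret["last_rotated"] < leavers[user]:
                findings.append((user, f"shared password {secret['name']} not rotated"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_offboarding(LEAVERS, ACCOUNTS, DEVICES, SHARED_SECRETS):
        print(f"{user}: {finding}")
```

An empty result means every leaver's accounts, forwarding rules, devices, and shared passwords have been handled; anything else is an open checklist item.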

 

Risks of Improper Staff Off-boarding

1. Costly Data Breaches

Technology has made it possible for departing employees to take crucial business information to their new employers, some of which could be your competitors. Picture an employee who moved your clients’ contact information to their smartphone or sent marketing plans to their personal email address.

The lack of a formal account de-provisioning process allows departed employees to retain access to sensitive data and accounts, which may lead to avoidable data breaches. It is important to ensure that you protect your trade secrets when employees leave. Employees may harbor grudges and misuse their prolonged access to sensitive corporate accounts to leak crucial information to rival companies. 

In spite of the heightened risks, only 29% of companies utilize a formal employee off-boarding process to de-provision access privileges for departed staff.

 

2. Compliance Violations

Compliance regulations are essential frameworks that stipulate industry-standard guidelines for ensuring robust data protection approaches. At the heart of these guidelines is protecting confidential data, such as personally identifiable information and electronic health data, from unauthorized access, with severe penalties for noncompliance. 

Therefore, when companies fail to off-board employees properly, they expose themselves to noncompliance risks, which often have a ripple effect. Noncompliance with regulations like GDPR and HIPAA attracts hefty financial penalties, weakens data security, and threatens a company’s reputation. In addition, poor off-boarding practices may permit employees to retain access to company data, violating the guidelines stipulated in most regulatory compliance frameworks.

 

3. Confidentiality Breaches

In the modern, highly competitive business environment, it is not uncommon for some organizations to engage in unscrupulous business practices, such as poaching employees from rival businesses, to gain access to privileged information. For example, competitors may use departed employees to access confidential business agreements, contracts, intellectual property, and trade secrets. Off-boarding employees poorly can enable them to steal such confidential information, leading to devastating consequences. For example, an automation engineer leaving a US-based organization for a China-based company provided the latter with the former’s intellectual property, ruining the former employer. Such cases are rife, and preventing them requires an effective off-boarding process.

 

Best Practices for Securely Off-boarding Employees

1. Keep Updated Inventories

Keeping updated inventories is a crucial best practice for off-boarding employees securely. Maintaining an inventory of the assets issued to each employee and matching it against the organization’s current inventory ensures that the IT department does not overlook anything when employees leave. The inventory should include everything departing staff could use to retain unauthorized access to critical assets, including USB disks, mobile phones, laptops, corporate accounts, cloud passwords, email accounts, and VPN access to corporate networks. In addition, with insider threats being a menace for all companies, an updated inventory can ensure that employees cannot abuse their knowledge of internal systems to cause harm once they leave.

 

2. Enable Effective Communication with IT Personnel 

Cybersecurity breaches during employee off-boarding usually stem from poor communication between organizational departments and IT personnel. Department heads should alert IT personnel to departing employees so that they are aware of upcoming terminations. Once informed, IT personnel can monitor the employees’ activities for attempted data exfiltration, theft, or unauthorized copying to protect against data loss. Effective communication also gives IT personnel ample time to disable the relevant account access privileges and passwords to prevent misuse and insider threats.
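
Once IT knows a departure date, the monitoring described above can be narrowed to the notice period. The following is an added example, not part of the original post: it compares each departing user's daily copy volume in the days before their last day against their own earlier baseline. The log format, the 7-day window, the 5x factor, and the 500 MB floor are all assumptions chosen for illustration, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Constructed transfer log (date, user, bytes copied, destination); format is an assumption.
LOG = """\
2022-10-17 jdoe 120000000 sharepoint
2022-10-18 jdoe 90000000 sharepoint
2022-10-19 jdoe 150000000 email
2022-10-24 jdoe 100000000 sharepoint
2022-11-01 jdoe 200000000 sharepoint
2022-11-02 jdoe 3000000000 usb
2022-11-02 jdoe 1200000000 personal-cloud
2022-11-02 bwong 5000000000 sharepoint
"""
DEPARTURES = {"jdoe": date(2022, 11, 4)}  # supplied by HR when notice is given

def flag_pre_departure_spikes(log_text, departures, window_days=7, factor=5, floor=500_000_000):
    """Flag days inside the pre-departure window whose volume dwarfs the user's baseline."""
    daily = defaultdict(int)  # (user, day) -> total bytes across all destinations
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed lines instead of aborting the audit
        daily[(parts[1], date.fromisoformat(parts[0]))] += int(parts[2])
    alerts = []
    for user, last_day in departures.items():
        start = last_day - timedelta(days=window_days)
        history = [b for (u, d), b in daily.items() if u == user and d < start]
        # No history (new hire, log gap): baseline is 0 and only the floor applies.
        baseline = median(history) if history else 0
        threshold = max(factor * baseline, floor)
        for (u, d), total in sorted(daily.items()):
            if u == user and start <= d <= last_day and total > threshold:
                alerts.append((user, d, total, baseline))
    return alerts

if __name__ == "__main__":
    for user, day, total, baseline in flag_pre_departure_spikes(LOG, DEPARTURES):
        print(f"{user} copied {total} bytes on {day} (baseline {baseline:.0f}/day)")
```

Using each user's own median as the baseline keeps staff who routinely move large files from being flagged, while the floor avoids alerts on users whose normal volume is close to zero.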

 

3. Delete Employee Digital Files

Most employees are not interested in accessing their former accounts once they leave an organization. Some may even be unaware that the off-boarding process is incomplete, such that they can still access their corporate accounts. On the other hand, a few employees may be notorious insider threats. They can exploit the poor off-boarding practices to maintain access to corporate accounts, emails, and networks for malicious reasons. A recent threat security report revealed that 63% of employees with privileged access pose the severest threat to an organization. When off-boarding employees, companies must permanently delete all their digital profiles to protect themselves from insider threats once current employees leave. Deleting digital profiles ensures they can no longer use insider knowledge to execute cybercrimes.

 

4. Leverage a Staff Off-Boarding Checklist

A holistic staff off-boarding checklist is among the most effective methods for off-boarding employees securely. Specifically, an IT and security-focused checklist should apply once the HR department gives notice of employees set to leave the organization. IT personnel should work with the company’s departments to ensure that the checklist captures all off-boarding responsibilities. By working with the employees’ department managers, IT staff can utilize the checklist to de-provision and disable all access permissions and ensure that the employees return all company-issued equipment to preserve data integrity and confidentiality.

 

5. Continue to Evaluate the Off-Boarding Checklist

All key stakeholders should routinely evaluate the off-boarding checklist to identify shortcomings and areas requiring improvement. The evaluation should focus on whether the organization has suffered any risks in past off-boarding processes, and the checklist should be updated based on the evaluation results.

A holistic checklist translates to a strong and secure off-boarding process and prevents embarrassing situations involving ex-employees, such as leaked client information or stolen intellectual property. Also, as the technological environment evolves to reflect new digital transformation initiatives, an off-boarding checklist requires consistent updating to ensure complete de-provisioning and disabling of access privileges. Moreover, evaluating the off-boarding checklist frequently identifies and prevents emerging off-boarding risks to protect against data breaches, compliance violations, and breached confidentiality. 

 

About Pulsar Security

Pulsar Security is a team of highly trained and qualified ethical hackers whose job is to leverage cybersecurity experience and proprietary tools to help businesses defend against malicious attacks. Pulsar is a Veteran, privately owned business built on vision and trust, whose leadership has extensive military experience enabling it to think strategically and plan beyond the problems at hand. The team leverages offensive experience to offer solutions designed to help analyze and secure businesses of all sizes. Our industry experience and certifications reveal that our engineers have the industry's most esteemed and advanced on the ground experience and cybersecurity credentials.