Close this search box.

This content is made possible by our sponsors. Learn more here.

4 Steps in IT Offboarding to Protect Data & Minimize Risk

When employees are laid off or let go, the conversation of technology offboarding can be an uncomfortable one.

However, cybersecurity and data protection must be a priority. This can alleviate the worry of losing data or suffering reputational damage and handling it properly can ensure a smooth transition. Here are some IT onboarding and offboarding best practices to protect your business from insider threats.

Your Employee IT Offboarding Process Checklist

When you’re offboarding employees, the digital age has made the process more complicated than sending out final paychecks and packing up their desks. A good employee offboarding checklist for IT starts with creating an email policy, removing access to sensitive data, retrieving company-owned assets, and backing up data.

1. Create a policy for email account deactivation

Many employees use their emails to send information back and forth regarding projects and sensitive client data. If they still have access to this information after being let go or putting in their notice, this can create a cybersecurity risk depending on the temperature of their departure.

It’s an unfortunate reality that disgruntled employees could use this information to steal clients in the future when they work somewhere else, or use data in other nefarious ways. They also pose the risk of causing damage to morale by badmouthing the company to other employees over email.

The solution to this is to create a strong policy on email deactivation. As an employer, you should have access to their conversations with customers up to that point. This includes instances where they were involved in transactions or conducting business on your behalf.

Retaining data while securing the account is essential for both cybersecurity and continuity, so new hires can pick up where the last person left off with their projects. It’s a good idea to retain email data and other employee records for one year or more after an employee leaves your company, so you can retrieve any crucial information for your records.

2. Removing Access for Terminated Employees

Identifying what permissions or access you will need to revoke after an employee leaves starts with understanding what tools and assets they use to complete their jobs. You can gain this understanding right when you hire a new employee. Working with your HR teams in each onboarding is a great opportunity to determine a list of tools they will access in their role.

This will determine if they have any passwords to company accounts, social media profiles, etc. You can use this information to ensure no accounts fall through the cracks during the offboarding process.

3. Immediately recover company-owned assets

The process of retrieving business-owned assets such as laptops, hard drives, company cell phones, and other devices can get tricky with fully remote employees. In some cases, your staff might work in different states or even countries, complicating this task.

For remote employees, it’s relatively easy to shut down their accounts and lock them out of your network. However, even though you can remotely lock them out, you’ll want to be proactive about sending a prepaid mailing stamp to them so you can retrieve the assets ASAP.This can help prevent them from damaging any company property before it’s returned.

4. Back up data as necessary

Just like with regular cybersecurity, it’s important to have backups so data is not lost if it falls into the wrong hands. Ransomware attackers exploit businesses that can’t afford to lose sensitive information or have it leaked. The same principle applies to the ways disgruntled employees might handle sensitive information if they know it can damage your organization.

To protect your data from permanent deletion, the most effective method is to back up data regularly. This will give you some leverage if ex-employees try to destroy data before you have the chance to remove access.

How Can Organizations Protect Against Insider Threats?

Hopefully, this will give you a solid start on creating a smooth and positive offboarding experience for departing employees whenever possible. However, if you’re looking to revamp your IT and cybersecurity strategy, IT support for businesses is an excellent resource. Managed IT services for businesses allow them to get expert advice and comprehensive evaluations to determine critical vulnerabilities and solutions.



Essential business news, thoughtful analysis and valuable insights for Central New York business leaders.

Copyright © 2023 Central New York Business Journal. All Rights Reserved.