The Biggest Offboarding Mistake Small Businesses Make

Many small businesses don’t give proper attention to offboarding former employees. This can be especially problematic if the employee was terminated and yet still has access to their logins, company emails, cloud storage, and databases. It’s a sobering reality that is a common one for many small businesses that don’t have a thorough offboarding process in place. Every time an employee is discharged from the business, every account, permission, and login must be revoked. Otherwise, this can potentially create an “insider threat”. This isn’t even always a malicious threat; however, old accounts are breeding grounds for hackers as sensitive information lies dormant in deserted inboxes while forgotten SaaS subscriptions continue to slowly drain company funds. The results can be embarrassing at best and catastrophic at worst. 

Once an employee departs, the goal becomes a security measure to thoroughly remove the user’s digital footprint from the business. This means that close connection between the HR team and the IT team is extremely important. Here are some steps to consider adding to your offboarding policy: 

1. Inventory all the devices and accounts the departing employee had access to.  
2. Disable or revoke permissions on login credentials, VPN access, and any remote connections/accounts they may have had.  
3. Reset passwords for any accounts they shared with others in the company, such as a social media account or shared folder or workspace.  
4. Revoke permission to any cloud-based applications, such as Slack or Microsoft 365. 
5. Be sure that all company devices issued to the employee have been reclaimed, including any mobile devices that might need to be wiped remotely.  
6. Immediately begin forwarding emails in the employee’s work email account to a manager or supervisor for a period between 30 to 90 days, then archive or delete that mailbox. Depending on the circumstances, it might be helpful to set up an autoreply to inform others of the departure and information for a new contact within the company. 
7. Confirm that no critical files were stored on any personal devices.  
8. As an extra layer of protection, check the access logs of the employee in the days leading up to their departure to be sure there was no sensitive data downloaded outside of the scope of their normal tasks.  

The biggest offboarding mistake you can make is delay. Even amicable departures pose a financial, security, and compliance risk to your whole business. At Tech Eagles, we know how important these steps are to protect you and your team. Call us today for a consultation!