top of page
Writer's pictureJared Thompson

How can an employer protect themselves when an employee is fired?

A business will always deal with employee turnover, whether employees leave for a change of scenery, circumstances or even a career change. Unfortunately, a growing trend that police forces across the North West continue to see is cyber attacks on businesses, where disgruntled former employees will attack or remove client/company data when leaving a job.


It's the responsibility of a business to ensure that they have the necessary plans to react to any staff member leaving a business. How can an employer protect themselves when an employee is fired?


Many businesses will have policies and instructions to; change office locks, take back parking passes, recover work laptops and adjust payroll. But are you forgetting about removing any account access an employee had in your business?


dismissed from job

What are the responsibilities of a business with security upon the termination of an employee? How can an employer protect themselves when an employee is fired?

  • Before completion of an employment contract

    • Ensure a thorough handover document is written and reviewed.

    • They ensure that any sensitive information, login details, accounts or documents are passed onto their replacement or line manager.

  • Before the employee leaves the business

    • Consider the legal implications of any non-disclosure agreement in place before completing the termination of employment.

    • Before completion of the employment contract, ensure that a thorough exit interview is completed.

    • Remind them of their responsibilities and contractual obligations in their employment contract - especially regarding the Data Protection Act 2018.

    • Ensure all employee accounts and login credentials are disabled

    • Ensure any company devices are returned and reset or reviewed before being reissued

  • If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly.

  • Take the opportunity to ensure you are reviewing.

    • Any security controls on employee devices and accounts for all employees (consider reviewing this annually).

    • What account/data can employees access - do they need this access?

    • Who has administrative access to critical accounts and data? Does this need to be transferred to another staff member?


Dismissed from job

Do your staff have access to too many accounts or data they shouldn't?

  • Social Media Accounts

  • Bank Accounts

  • CRM System

  • Credit card/Accounts/Payment details

As an employer, you should consider reviewing which employees have access to these accounts and systems annually. Then, remove any employees who have left and terminate access from employees you believe shouldn't have access to these accounts or sensitive company details.


Suppose your business found that an employee had been downloading lists of sales prospects with contact details from your CRM system and then sending these files to a local competitor. What would you do next?

  1. Lock and suspend any activity on this employee's accounts

  2. Investigate the employee's performance to confirm suspicions and attain evidence of wrongdoing

  3. The employer should review any account access and data of the employee

    1. Employers should review other employees' account access and data so this isn't repeated.

    2. Revoke access where needed

  4. If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly. Ensure they're aware and alert in knowing to report anything suspicious.

Has your business recently dealt with a Cyber Incident? Do you want to secure your network after dismissing a staff member?

Network Vulnerability Assessment Banner

Contact us today to discuss any cybersecurity questions relating to former employees or learn more about our Network & Website Vulnerability Assessment(s). We can ensure your company is not open to cyber attacks from current or former employees.

Comments


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page