A business will always deal with employee turnover, whether employees leave for a change of scenery, circumstances or even a career change. Unfortunately, a growing trend that police forces across the North West continue to see is cyber attacks on businesses, where disgruntled former employees will attack or remove client/company data when leaving a job.
It's the responsibility of a business to ensure that they have the necessary plans to react to any staff member leaving a business. How can an employer protect themselves when an employee is fired?
Many businesses will have policies and instructions to change office locks, take back parking passes, recover work laptops and adjust payroll. But are you forgetting about removing any account access an employee had in your business?
What are the responsibilities of a business with security upon the termination of an employee?
Before completion of an employment contract
Ensure a thorough handover document is written and reviewed.
Ensure that any sensitive information, login details, accounts or documents are passed on to their replacement or line manager.
Before the employee leaves the business
Consider the legal implications of any non-disclosure agreement in place before completing the termination of employment.
Before completion of the employment contract, ensure that a thorough exit interview is completed.
Remind them of their responsibilities and contractual obligations in their employment contract - especially regarding the Data Protection Act 2018.
Ensure all employee accounts and login credentials are disabled
Ensure any company devices are returned and reset or reviewed before being reissued
If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly.
Take the opportunity to ensure you are reviewing:
Any security controls on employee devices and accounts for all employees (consider reviewing this annually).
What account/data can employees access - do they need this access?
Who has administrative access to critical accounts and data? Does this need to be transferred to another staff member?
Do your staff have access to too many accounts or data they shouldn't?
Social Media Accounts
Bank Accounts
CRM System
Credit card/Accounts/Payment details
As an employer, you should consider reviewing which employees have access to these accounts and systems annually. Then, remove any employees who have left and terminate access for employees you believe shouldn't have access to these accounts or sensitive company details.
Suppose your business found that an employee had been downloading lists of sales prospects with contact details from your CRM system and then sending these files to a local competitor. What would you do next?
Lock and suspend any activity on this employee's accounts
Investigate the employee's performance to confirm suspicions and obtain evidence of wrongdoing
The employer should review any account access and data of the employee
Employers should review other employees' account access and data so this isn't repeated.
Revoke access where needed
If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly. Ensure they're aware, alert and know to report anything suspicious.
Has your business recently dealt with a Cyber Incident? Do you want to secure your network after dismissing a staff member?
Contact us today to discuss any cybersecurity questions relating to former employees or learn more about our Network & Website Vulnerability Assessment(s). We can ensure your company is not open to cyber attacks from current or former employees.