Typically, businesses pay the most attention to security while employees are working with their data, like password hygiene, software account management, and network access. But these same companies often leave out two of the most important moments in an employee’s lifecycle in their employment: onboarding and offboarding. That’s because when a new employee joins, there is usually a backlog of needed support, and the focus is to get the employee trained and helping as quickly as possible. And when an employee leaves, the focus shifts to finding a way to fill the gaps left behind so remaining employees don’t feel burdened or stressed. These are extremely valid concerns, but they distract companies from completing some of the most vital steps that keep their company safe.
Onboarding a New Employee
When someone new joins your organization, how do you manage their first few days or weeks? Chances are that you fall into one of two categories of small businesses:
- The new employee follows a series of standardized processes involving HR/Payroll, IT, training, etc.
- The new employee fills out a few forms, then gets straight to work with on-the-job training and job details are filtered in as other employees have time.
To be honest, there’s no right or wrong way to get a new employee fully up to speed because every industry has different needs, and every company operates uniquely. But there is a right way when it comes to your company’s security.
Before the employee starts, IT must be notified so they can make sure that the employee not only has access to the right equipment and software, but also so they can fully communicate the right way to set up their access, get into the network, and virtually collaborate with others. This is true no matter who handles your technology—the professional(s) who govern what the company uses and who uses it must be given all details about the role and the word modes of the new employee, including but certainly not limited to:
- The type of equipment they’ll be using
- All software they need accounts in and get access to
- What kinds of data they’ll need to interact with
- Which teams they’ll be a part of or work with regularly
- Who they report to and who reports to them
- If they’ll need to be able to grant/revoke permissions for others
- Where they’ll physically be working and how frequently
Onboarding a new employee without structure or tracking creates opportunities for incorrect system access which can slow the trainee down or confuse their onboarding. It can also set the new employee up for future issues like incorrect permission and equipment set up, system incompatibilities, and unexpected downtime.
Offboarding an Employee
Even more critical than onboarding, offboarding has the potential to create huge security risks because the company typically no longer has control over or access to the ex-employee.
Human nature is impossible to govern and it’s also impossible to gauge how someone will feel about leaving their employer even if it’s on their own terms. So, yes, there is obvious concern when a disgruntled employee leaves because they may leave with vital information or destroy your data. But this risk also exists for those leaving on good terms. Many workers feel that what they’ve produced or contributed to is theirs as well and, without IT or management knowing, they collect mountains of data to save to their personal files. It’s hard to know whether this information can contribute to future issues for the organization. Even well-meaning employees can cause problems by being a little too zealous about “cleaning out their desks” and delete seemingly unimportant emails, files, or chats.
Companies must protect themselves from both unhappy and happy ex-employees by installing procedures that can be executed at a moment’s notice. Some ways to do this are:
- Immediately be able to revoke access to any company accounts that the outgoing employee may have. This includes email addresses, applications and software used for work purposes, server, shared drives/folders etc. This can be done by revoking access, restricting access to their user ID, or completely deleting their account.
- Change any shared passwords.
- Inform vendors and other organizations that they shouldn’t allow any requests for data or access from the ex-employee, and also let them know who in your company will be taking over their role.
- Retake ownership of their computer and other company-issued devices.
- Perform audits on all accessible equipment that the employee used to ensure there has been no unauthorized data sharing or transfer.
- Ensure they are not leaving the premises with any hardware such as USB drives that may contain sensitive information.
- Monitor your IT network for any unusual activity.
How to Ensure You Don’t Miss Vital Steps
Unavoidably, both onboarding and offboarding an employee creates disruption for both management and team members. And unfortunately, both instances pose potentially big risks for your company, even if it’s only one small step that’s skipped during the process.
Just like everything else in business, though, creating and following the processes can be streamlined so it takes as few resources as possible while still ensuring that everything is buttoned up. If you need help either creating your onboarding/offboarding policies or managing the activities in them, just reach out to us. We have fully tested and secure processes across a wide variety of industries and needs, and we’re able to execute them from just one Help Desk ticket.