I read a sentencing brief recently that included a laundry list of fraudulent actions an employee engaged in that eventually led to their termination and criminal prosecution. While the employee’s actions were astounding, the level of access they still had in the organization following their termination was even more astounding. After they were terminated, they were still able to remotely access sensitive corporate resources and used that access to delete files to try and cover their tracks.
How could this have been prevented? In the same way that a company would have plans to onboard a new employee, they should also have detailed plans to offboard an employee. This results in a consistent process that ensures an employee’s network access is removed at the time of their departure.
Each organization will have a different set of offboarding steps required, but the basics would be the same throughout. Has physical and remote access been disabled? Has company data been removed from personal devices? Is there data and emails that need to be retained or reviewed? Who should be notified of the termination?
Having these detailed steps in place, and following them on a consistent basis, ensures that the organization is diligent in protecting against rogue actions by former employees.