3 min read

When Employees Leave, Make Sure They're Gone

Employee resignations and layoffs raise questions about network security and data security. Here are 7 ways to protect your small or midsize business
4. Cut access immediately.
Or sooner. When the termination or layoff arrives, make sure it arrives after you or your system administrator have canceled relevant passwords, access codes, etc.

5. Remote control.
Telecommuters, mobile, and remote employees pose special layoff/termination concerns, just as every other aspect of their performance and operational management does. Terminations-for-cause should, obviously, be done in person (if possible on site, rather than summoning them to the home office with their equipment: That's a signal you don't want to send.) But the same care should be taken with not-their-fault layoffs -- employees who have just been let go but still have access to their notebooks and other equipment can acquire copies of resident data even if their network access has been shut down.

6. Do an audit afterward.
The minute to begin an in-depth and ongoing data and network security and access audit is the minute you begin to plan the termination or layoffs. Word does leak out, people do get wind of bad news in the offing. Your IT staff -- or an outside service -- should begin monitoring the entire infrastructure for any indication of unusual, suspect, or outright malicious behavior, copying, deleting, or code-planting. And you should keep an eye out for some time after the departures. (You actually should be watching this all the time, as you undoubtedly know.)

7. Watch for bad word-of-mouth.
The Internet provides disgruntled former employees enormous opportunity to spread the bad word about you and your company. Blogs, MySpace, YouTube, e-mailings, and countless other venues can be used to send bad -- and in some cases actionable -- messages about you and your company. Keep your ear to the electronic ground.

Clearly, this is a far from inclusive list -- that personal thumb drive on your employee's keychain might or might not hold company data as the worker drives away for the last time. It's worth undertaking a thorough digital "exit-plan" with your IT manager and staff, considering every possible threat and planning their counteraction. Should your IT manager or high-level tech staff be the terminated party, you have a whole new and even larger can of worms to deal with, which we will explore in an upcoming column.

Just as clearly, most of the matters sketched here should be approached with equal seriousness with your human resources staff and legal counsel. That last can prove vitally important if there is the potential for prosecution of the former employee, whether for alleged criminal activity or potentially libelous or slanderous comments made online after termination.

Most employees, of course, aren't threats, and most of them will depart without taking harmful action against your networks or your company.

But you're not planning and deploying your defenses for most employees -- just for the ones who can come back to haunt you after they're gone.

Keith Ferrell is the author of a dozen books and countless magazine and newspaper articles. The editor of OMNI Magazine from 1990-1996, he also is a frequent speaker to corporate and institutional audiences.