Login and password

They’re fired, but what about their passwords?

It can be difficult to fire or part ways with an employee. You’re losing a valuable asset if they’re leaving voluntarily, but someone being fired can leave you in a lurch. You have the task of launching a disciplinary process and then holding a meeting at the time of termination. But there are other things to think about. Primarily security and the ex-employee’s access to company data.

It’s important to have a process in place so that whenever a termination or parting of ways occurs, nothing slips through the cracks regarding your business’ security. Here are some considerations regarding passwords and voluntary termination or involuntary termination.

When an employee is let go, immediately change all the passwords to anything the employee had access to. You should have a few days to make a plan and define the process for cancelling access. Don’t make the changes in security before your final meeting and dismissal. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.

If your company has, let’s say, a Twitter account, you don’t want the ex-employee tweeting through it, so be prepared to change all social media passwords. We mention this because often companies and organizations either forget about these kinds of access or hesitate to change passwords due to hardships that occur and getting everyone access again. Trust us. The effort is worth it!

The possibility of having to lock out an employee may make you consider measures you have avoided so far. Consider a shared wifi password. Do you really want to change it for everyone or is it time to use a managed router and individual authentication?

If someone voluntarily leaves your employment, you hopefully have 2 weeks or so to implement a similar plan as above. Use your best judgement as to whether the soon to be ex-employee will be up to no good during their final days. That is only something you can judge on an individual basis.

Make sure you have a solid data backup and continuity strategy in place. You may need to compare data after the employee is gone to see if any sensitive data was moved or deleted.

We always recommend that you force a password change for immediately surrounding co-workers and consider a company wide reset. You may be unaware of shared passwords. Even though they are not supposed to use each other’s passwords, it may be going on anyways.

Lastly, you should consider pushing a remote wipe to the terminated employee’s BYOD devices from your Exchange server. This should remove only company data and reboot the phone to prevent access. Be aware that you might end up wiping all data from the phone, so you might openly ask them to delete company data on the device while they’re with you in the office. It will make it easier on themselves in the long run.

If you have questions on how to deal with departing employees, give us a call at 309-444-7263. TimbukTech can help you develop an employee termination procedure.