I am a small business owner that is overwhelmed by technology, but a recent incident with a former employee made me realize I may need some help. What do I need to be concerned about when I let an employee go so I know that they can’t get back into our company computers?
This question was answered on March 9, 2007. Much of the information contained herein may have changed since posting.
Employee Dismissal Procedures used to be heavily mired in legal issues and still are, but most employers should also think about what their exposure is from a technology standpoint.
The primary areas of concern is access to company files, sabotage or continuing to represent themselves as an employee of the company , electronically.
The obvious items are the employees company e-mail address, their username and password for accessing the network from within your building and any external access points that they may have had access to.
The e-mail address needs to be evaluated to decide whether turning it off or forwarding it to another employee makes the most sense.
For instance, if this person was in a sales position, you would likely be better off forwarding any new messages to another sales person or the sales manager so that potential customers did not get a “bounced message” if they did send anything to that address.
If their position did not entail dealing with folks outside of your organization, then disabling the account might be a better choice (so that any junk mail that is sent to that account does not pile up on someone else).
The network username and password should be disabled immediately (or before the termination if you feel that a security threat may be possible) Common last minute attempts, especially from disgruntled employees, include making a copy of any customer lists or proprietary information that my help them get a position with a competitor or sabotage of important files.
While attempts at sabotage are generally easy to track, if they are successful, you end up with a lot of extra work to get things back on track.
Remote and wireless access are two of the newer issues that must be reviewed With the popularity of remote access VPNs (Virtual Private Networks) and wireless networks, you must remember to shut down any outside access that they may have had and change the encryption key on your wireless router (if they new what it was) so they can’t sit in a nearby parking lot and connect to your network.
You also want to review any access codes they may have with vendors, financial institutions, trade associations, customer’s sites, Instant Messaging, your company’s extranet or any third-party affiliations with your business.
If the individual had access to or knowledge of usernames and passwords from fellow employees, you may want to have everyone on your network change their password (this can be forced automatically on most networks the next time the user tries to log in).
The best time to think about your exposure and create the procedure is before you are faced with the issue, so if you own or run a business (no matter how big or small) make some time for this very important issue.
About the author
Posted by Ken Colburn of Data Doctors on March 9, 2007