Making the decision to terminate an employee of your firm can be a hard task to carry out. Once you have made the decision and informed the employee that they are no longer apart of your firm, proactive measures must be taken to protect the firm’s data. Terminating an employee, whether for misconduct or a reduction in force, is almost always never a pleasant task. Voluntary termination by an employee through resignation or retirement may not carry the negative effects of an involuntary termination, but the proactive measures should still be implemented. At times, employees may be disgruntled about losing their job. Your firm should protect itself from intentional or even unintentional sabotage by a former employee.
IT or the manager should immediately revoke all computer, network, and data access the former employee had access to. Remote access to the firm’s network and other data should be revoked immediately. The former employee should not have access to the company-owned property, such as a laptop, computer or intellectual property such as files containing client’s information, firm trade secrets and billing information.
Change Passcodes and Methods of Entry
Allowing an employee to continue to have access to privileged information about the work product of the firm or clients can lead to unwanted exposure of confidential information. If the office has a secured entrance, make sure to collect any keycards or physical key from the employee. Changing passcodes to entry of the office should be done as well. If a former employee is disgruntled, they may decide to come back into the office and destroy the property or obtain confidential company files or information.
Confiscate All Technology Devices
If the employee had a company phone or laptop, be sure to retrieve those devices before the employee leaves the property. If this is done after the fact, the former employee may refuse to return any devices. They may use this as leverage against the firm and begin to initiate demands. Get a list of all the documents and other pertinent data that the employee was using or working on. It will also be a good idea to find out what templates or documents that have been forwarded, downloaded or copied, that is property of the firm.
Email and Web Based Accounts
Restrict access to all email accounts that the employee has access to. You can create a temporary account with limited accessibility and user rights to ensure that all incoming emails from clients and other business dealings are redirected to another employee. Even if you think that the former employee would not do anything to harm the firm, lax policies can expose your whole network make your firm vulnerable to a security breach.
Just as the granting of access should be documented for future reference, the revocation of access should also be documented as well, especially for legal purposes. The results of this effort should be greater protection of the firm’s data as well as being prepared for any litigation regarding data theft, hacking, and other forms of illegal or misuse of company technology and information.