Employee Termination from an IT Perspective
The IT department needs to be involved in employment termination
Letting an employee go can be a dirty job, but the IT department must help do it - always, if you're smart.
It is necessary to involve IT in the employee termination process because a former employee who still has access to a company's network and proprietary corporate data is a security threat. In the majority of terminations, the former employees would never think of doing harm to your computer systems, but why take the chance that you may have run into the one bad egg?
Moreover, it is smart to preserve certain technological resources, data, and logs in the event that the former employee or the company itself decides to pursue litigation.
Finally, it is essential to integrate IT into the process to help ensure that employee termination controls are comprehensive enough to meet relevant Sarbanes-Oxley requirements.
Information security and data retention policies must be company-specific and tailored to the laws under which your company operates.
3 IT Principles Companies Need to Address
Nevertheless, there are at least three broad IT principles to which a company should adhere when and after terminating an employee.
- Prompt notification of the termination to the IT department - even a heads-up in advance of the termination meeting is appreciated so IT can bar access while the meeting is taking place.
  Every company should have a strictly enforced policy that clearly states who is to notify whom when someone's employment is ending or has ended. This policy should also mandate that these notifications are given immediately so all of the departments involved can take prompt action.
  An information security contact should be among those who are notified, and this person's responsibilities should entail researching, documenting, and revoking an employee's access to the company's electronically stored proprietary information and its information systems.
- Prudent revocation of access. Once notified, IT is responsible for immediate revocation of access and preserving any records that the company might need now or in the future.
What to Do When Employment Is Terminated
In the case of a terminated employee, IT should immediately revoke all computer, network, and data access the former employee has.
Remote access should also be removed, and the former employee should be dispossessed of all company-owned property, including technological resources like a notebook computer and intellectual property like corporate files containing customer, sales, and marketing information.
However, in the case of an employee whose end of employment is only imminent, IT should consult with the employee's manager, HR, and other key decision-makers to determine the appropriate manner in which to stagger the revocation of access over the person's remaining days of employment.
Just as the granting of access and security clearances should be documented for future reference, the revocation of access should also be documented, especially for legal purposes. The goal, of course, should always be to revoke access in ways that make good business sense financially, technologically, and legally.
Preemptive Preservation of Data
Every company needs to have data redundancy and retention policies that satisfy its business needs and adhere to applicable laws. Such policies address the backup, restoration, and preservation of corporate data in general.
However, a company should also enact policies that detail when and how IT should go about preserving potentially and particularly sensitive data, records, logs, and other materials that could be of legal significance, were the company and former employee to wage a legal battle.
It is especially important to do this in the case of a former employee who held a high-level position or left the company under a cloud of suspicion.
The adoption and application of these three principles should be the collective work of the company's executive staff, IT and HR departments, and legal counsel that specializes in computer forensics and the laws governing the company's use of computing technology.
The results of this cooperative effort should be greater protection of corporate data as well as better preparedness for litigation regarding corporate data theft, hacking, and other forms of illegal or ill-advised uses of computing technology. Working with IT as a valued partner guarantees that these goals are achieved in the event of an employment termination.