Security

How to Offboard Departing IT Staff Members

Follow these steps to ensure that your business is protected when an IT employee leaves.

Mike Chapple is associate teaching professor of IT, analytics and operations at the University of Notre Dame.

Editor's note: This article was originally published in April 2024 and has been recently updated.

For many businesses, IT departments can seem like they have a revolving door. With tech workers in such high demand, employees can be lured away by more attractive compensation packages, the ability to work remotely and other perks.

This is particularly problematic for IT workers, who often leave behind a complex web of credentials, licenses and data — elements that, if mishandled, could compromise organizational security. As employees leave, businesses face the daunting task of diligently cleaning up their digital trails.

Among the threats are zombie accounts, for which departing staff leave behind credentials that are never removed. Zombie accounts can lurk undetected for months or years, posing a significant security risk. To combat these cyber vulnerabilities, IT departments should develop and adhere to a meticulous and consistent offboarding strategy.

Click the banner below to read the 2024 CDW Cybersecurity Report.

Step 1: Credential Revocation and Access Control

If an employee’s departure is planned and occurs under friendly terms, the IT department should have a standard account de-provisioning process. This should follow a predetermined timeline, usually set to culminate with the employee’s final day of work. During this period, the employee should be informed about the offboarding process, including the schedule for revoking access to email accounts, organizational networks, databases, VPNs and any other digital resources.

Under this standard process, the IT team collaborates with HR and the employee’s department to ensure a smooth transition, allowing for the secure transfer of work documents, projects and any departmental knowledge necessary for operational continuity. Tools such as Okta and OneLogin can be used to schedule the deactivation of accounts, ensuring that access concludes with the employee’s tenure. This organized and respectful approach not only maintains security but also fosters goodwill with remaining and prospective employees.

Some terminations are not amicable, however, and those cases require immediate action. The IT department must implement an emergency revocation procedure that involves the instantaneous deactivation of all of the employee’s access credentials across all systems. Immediate action minimizes the risk of retaliatory actions or data breaches, which are heightened concerns in such scenarios.

DISCOVER: Why a cyber resilience strategy is crucial for business success.

Under these circumstances, real-time synchronization and access control tools are not just beneficial, they are crucial. Platforms such as Okta and OneLogin facilitate immediate, systemwide revocation of access, minimizing the potential for maliciously compromised data or systems. Additionally, the IT department should conduct a prompt audit of all digital access, ensuring that the former employee hasn’t created any backdoor entry points. This emergency process, though necessary only occasionally, underscores the need for robust security protocols that can respond swiftly to high-risk situations.

Step 2: Comprehensive Data Management and Archiving

The next phase involves managing the digital footprint left behind by a departing employee. IT personnel should work with the former worker’s department to comb through files, emails and other data forms, identifying information that requires preservation. This task can be daunting but is crucial for maintaining operational continuity and complying with legal and organizational data retention policies.

Document management systems can automate part of this process, enabling the business to uphold data retention standards without the burden of manual sorting. If the departing employee’s department uses a document management solution, IT can configure that system to classify, retain or purge files based on the organization’s policies, ensuring that no essential data is lost and that all legal obligations are met.

If the departing employee’s department uses a document management solution, IT can configure that system to classify, retain or purge files based on the organization’s policies.”

Mike Chapple IT analytics and operations professor, University of Notre Dame

Step 3: Assessment of Licenses and Subscriptions

Departing employees often leave behind a trail of licenses and subscriptions for various software and online services used during their tenure. IT departments must undertake a thorough assessment of these digital assets to determine which licenses remain necessary, which can be reallocated and which should be terminated, based on current and anticipated needs.

Tools such as ServiceNow’s asset management solutions can provide invaluable support in this area, offering a comprehensive view of all software licenses, their assigned users and how often they are used. This not only ensures efficient reallocation or cancellation, aiding in compliance with software licensing agreements, but also presents an opportunity for cost optimization.

DIG DEEPER: What is cyber resilience and how can it help organizations?

Step 4: Secure Device Retrieval and Inventory Update

Hardware retrieval is an aspect of offboarding that requires at least as much diligence as digital access revocation — and often more, given the number of remote employees that many businesses have. All devices issued to employees — laptops, tablets, smartphones, ID cards and more — must be returned, thoroughly inspected and wiped of sensitive information before they are reassigned or decommissioned. Overlooking this step could result in a severe data security breach.

An asset management solution enhances tracking and management of physical devices, ensuring that each piece of hardware is accounted for and inventory records remain up to date. This systematic approach secures data and optimizes resource allocation and utilization.

Step 5: Exit Interviews and Reinforcement of Legal Obligations

Exit interviews, while often undervalued, are a critical step in the offboarding process, providing an opportunity to remind departing employees of their ongoing legal and ethical responsibilities. These discussions should emphasize the importance of maintaining confidentiality, particularly regarding business information and trade secrets, and clarify the legal implications of any nondisclosure agreements.

This meeting is an opportunity for the business to retrieve any remaining physical materials and discuss the employee’s experiences related to data access and security. Gathering this feedback can uncover potential system vulnerabilities or areas for improvement, enhancing overall data protection strategies.

UP NEXT: In a world without perimeters, visibility is key to cybersecurity.

Step 6: Continuous Review and Improvement

The digital landscape is not static; it evolves constantly, as do the threats within it. An effective offboarding process today may not be efficient tomorrow. Businesses must commit to the regular evaluation and refinement of their offboarding protocols, ensuring that they remain robust and responsive to the dynamic nature of cybersecurity threats.

This commitment extends to continuous staff training and development, ensuring that all personnel, both within and outside of the IT department, are aware of the best practices and latest trends in data security. Fostering a culture of continual improvement and cybersecurity awareness is not just beneficial, it’s imperative for organizations aiming to safeguard their digital environments in this ever-evolving landscape.