Security - adding and removing staff
Many years ago we realized we needed a checklist for all incoming and departing employees.
There are so many things to consider on both sides of the relationship, so these checklists have been invaluable. How about you? Do you have a checklist to onboard new staff? Next question - do you have a checklist to off board?
When bringing on a new employee, they may need specific company procedures; a network or hosted server log on with specific document rights; a login to your accounting software with a specific security group or access limitation; a company-issued cellphone; a company computer; access to certain software programs, some of which might be in the cloud; a name badge; specific tools for their role; they'll need their email setup, and maybe access to other calendars; maybe they need a company credit card; they have to be setup in payroll with wage info, marital status, and all the right forms; when in the office, where will they sit?
Most people agree that it takes a lot of effort to onboard a new employee. So how much thought do you give to a departing employee? If they're on their way out, just grab their gear and move on, right? Not so fast; we'd like you to consider a couple of factors, specifically as they relate to critical software, network access, document access and licensing.
Where to start? Let's begin with one of the most common questions we hear, which is one of the biggest risks to the security of your data. When an employee departs, did you alert your IT company?
At a minimum, their password should be changed immediately so they don't have access to log into the network or the hosted server. Depending on their role in the company, it may even warrant a lockdown across the network.
Their email password should be changed, and the account should either be forwarded to someone else (hosted Exchange), or changed to a shared mailbox to retain access and free up the M365 license. If you're using M365 OneDrive and/or SharePoint, you'll definitely want to contact your IT group and arrange to limit OneDrive access and to turn off SharePoint access on any computers they may be using at home. You may have collected their company computer, or the one they used in the office, but if they worked remotely, they may have installed M365 on a home computer or laptop. If that's the case, they can log in unless you've changed the password and made a few changes.
Many accounting project management software packages and CRM (Customer Relationship Management) software use Windows authentication. That means if the user's network logon and password gets them on the server, they can then launch the software. In addition to changing their network password or removing their account, you'll want to remove them or change security in your accounting software or CRM.
You might have other web-based software packages. This might be a phone system (VoIP), a bank site, a scheduling or project management program.
Do you have a list of what software you setup for them? If you do, take out that list and change passwords, update access, or remove users. If your vendors charge by user counts, you'll definitely want to reach out to them. Sometimes all you can do is free up a license because you've committed to a certain number of licenses for a period of time, or the licenses were part of a purchase; other times you can adjust actual users which are billed month-to-month.
Recap: At a minimum, passwords and access should be changed. There are a number of services that are based on user counts, so get these updated. If you don't already have it, create that departure checklist list so you're ready.
• Catherine Wendt is president of Syscon.