We have seen businesses which have experienced issues after an employee has left their job – either when leaving voluntarily or otherwise – and any in many cases it is because no-one has considered the potential for disruption caused by I.T. when staff are leaving.
Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when they leave? What effect can their leaving have on the security of the business? Nobody likes to think of this but nonetheless, it’s a responsibility every business owner and manager must face at some point.
Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage the hand-over to their replacement so that your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion.
Either way the risk to your business remains high until action is taken.
Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.
Limit access to a need-to-know basis
You might be surprised how often a new employee is presented a huge amount of business information on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets…all those sensitive aspects of your business that have made it a success – exposed.
A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees should appreciate the care you’ve taken to protect your business (and their job). It also helps keeps them from being overwhelmed, confused or tempted if the situation ever turns sour.
Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps, for example as we found a local business in Lutterworth had an ex-employee still accessing their work email address!
Change passwords fast
On average, it takes at least a week before passwords are changed after an employee has left, if at all. Unfortunately, this is the one type of delay your business can’t afford.
In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially if they leave to start their own business or work for a competitor. Having a contract preventing an employee from setting up in competition with you does not prevent someone getting a copy of the customer database.
It’s not just full-time employees either, contract and part-time employees such as social media managers and customer support staff often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems, however as we know, it only takes seconds to login and wreak absolute havoc.
Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage and hassle you’ll experience. The best option is to change passwords fast as this lessens the chance of revenge attacks and opportunistic access.
Use a password manager
If you have good password manager like LastPass, reducing your password risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text.
Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they leave, you can use the dashboard to see who is having access to what and add/revoke permission at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.
Having a procedure in place when an employee leaves, as well as a review of your employees access levels can prevent a lot of disruption in the future and is a worthwhile investment in your time.
We can help you set up password management and lock down your network. Call us on 01455 209505.