A business will always deal with employee turnover, whether employees leave for a change of scenery, circumstances or even a career change. Unfortunately, a growing trend that police forces across the North West continue to see is cyber attacks on businesses, where disgruntled former employees will attack or remove client/company data when leaving a job.

It's the responsibility of a business to ensure that they have the necessary plans to react to any staff member leaving a business. Does your company know what you'd do if you had to dismiss a staff member for misconduct or due to a cybersecurity breach?

Many businesses will have policies and instructions to; change office locks, take back parking passes, recover work laptops and adjust payroll. But are you forgetting about removing any account access an employee had in your business?

What are the responsibilities of a business with security upon the termination of an employee?

• Before completion of an employment contract
  • Ensure a thorough handover document is written and reviewed.
  • They ensure that any sensitive information, login details, accounts or documents are passed onto their replacement or line manager.
• Before the employee leaves the business
  • Consider the legal implications of any non-disclosure agreement in place before completing the termination of employment.
  • Before completion of the employment contract, ensure that a thorough exit interview is completed.
  • Remind them of their responsibilities and contractual obligations in their employment contract - especially regarding the Data Protection Act 2018.
  • Ensure all employee accounts and login credentials are disabled
  • Ensure any company devices are returned and reset or reviewed before being reissued
• If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly.
• Take the opportunity to ensure you are reviewing.
  • Any security controls on employee devices and accounts for all employees (consider reviewing this annually).
  • What account/data can employees access - do they need this access?
  • Who has administrative access to critical accounts and data? Does this need to be transferred to another staff member?

Do your staff have access to too many accounts or data they shouldn't?

• Social Media Accounts
• Bank Accounts
• CRM System
• Credit card/Accounts/Payment details

As an employer, you should consider reviewing which employees have access to these accounts and systems annually. Then, remove any employees who have left and terminate access from employees you believe shouldn't have access to these accounts or sensitive company details.

Suppose your business found that an employee had been downloading lists of sales prospects with contact details from your CRM system and then sending these files to a local competitor. What would you do next?

1. Lock and suspend any activity on this employee's accounts
2. Investigate the employee's performance to confirm suspicions and attain evidence of wrongdoing
3. The employer should review any account access and data of the employee
   1. Employers should review other employees' account access and data so this isn't repeated.
   2. Revoke access where needed
4. If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly. Ensure they're aware and alert in knowing to report anything suspicious.

Has your business recently dealt with a Cyber Incident? Do you want to ensure your network is secure after dismissing a staff member?

,Contact us today to discuss any cybersecurity questions relating to former employees or learn more about our ,Network & ,Website Vulnerability Assessment(s). We can ensure your company is not open to cyber attacks from current or former employees.