Hybrid working puts IT at the heart of modern offboarding. While HR can collect physical keys to the office, IT has to manage all manner of virtual keys. Think of all those logins and passwords for systems, applications, emails, and servers. Plus any yet-to-be-discovered Shadow IT. Those departing staff may have worked from home, using potentially unsecured networks and retaining passwords. Corporate data can be left on personal devices.
For IT leaders operating in today’s Great Resignation Era, it’s a constant pressure to ensure a breach doesn’t become an employee’s parting gift for the business. Whether accidental or malicious, the risks and consequences are similarly severe. Alongside the costs of data loss and attack remediation, there’s the impact on reputation. With knock-on effects in terms of customer perceptions and loss of trust. There are also the legal implications, and possible fines and court judgments. Alongside the long-term risk to competitiveness, with potential losses of trade secrets and falls in share prices.
Ideally a secure offboarding process would be managed centrally through a single platform. The dispersed nature of modern work makes this a huge challenge. Staff may be working remotely, with devices sent over a period of time, perhaps without a full inventory. This brings up several factors for IT leaders to consider. These include:
Offboarding & impact on existing contracts with IT vendors
IT will need to audit existing employee relationships with third-party vendors. Reviewing outstanding contracts, ensuring handover of accounts. Making sure data and intellectual property doesn’t leave with the employee.
Compliance departments are likely to be involved, checking procedures fall within relevant laws, regulations and directives such as HIPAA or GDPR. Operations, finance and procurement departments will need to know the costs of existing contracts, and whether licensing costs still represent value for money. If you’re looking to reassess them, start with this eBook on Microsoft 365 licensing.
Safeguarding offboarded employees’ personal data
Policies are required to make sure only necessary data is retained. For example, regarding length of service for future reference checks. If the worst happens and the business experiences a breach, it’s essential to minimize impact on ex-employee data.
This usually involves working with HR to ensure accounts are closed at the right time. For one thing, this helps the organization meet governance obligations. It also helps mitigate the risk of malicious behavior from employees departing abruptly or on bad terms.
Cyber attack warning signs: Employee behavior during notice periods
IT leaders may have taken all the necessary steps to secure their organizations from external attacks. Even so, offboarding remains one of the biggest insider attack vectors. That’s why organizations need robust Identity and Access Management protocols, backed with Principle of Least Privilege.
Of course, this is a challenge when operating at scale and across multiple regions. However, it’s essential to manage and monitor behavior and activity, searching for anomalies and high-risk behaviors. Gaining that single pane of visibility has never been more important for managing and revoking access.
Access to Microsoft 365 environments after leaving a company
Self-service M365 provisioning asks plenty of offboarding-related questions. After all, with cloud-based freedom and flexibility comes control and responsibility. Naturally, this relies on employees applying correct procedures around expiration policies, sensitivity labels, and approval flows. Any overlooked or unprotected areas will leave an ecosystem at risk.
Considerations include SharePoint permissions, OneDrive file sharing, and orphaned or open groups. There’s also the issue of devices and data sanitization. Employees may not have returned corporate devices before leaving. Alternatively, their consumer devices may have been used to download or store confidential or commercially sensitive information.
Your invitation to explore how to offboard employees securely
It’s clear that companies require effective, comprehensive, tried-and-tested offboarding. So here’s the thing: Ensuring a successful policy is like ensuring successful Microsoft 365 governance. There’s no one-size-fits-all answer. That’s why we’ve covered many questions and answers in our recent IT industry webinar (you’re invited to watch the recording).
Employee Onboarding: Organizational and technical considerations is for all those in IT responsible for secure offboarding. Two leading Microsoft 365 consultants and specialists share best practices for protecting data and guarding against accidental or intentional attacks. You’ll discover proven methods, strategies, and checklists to secure your business – from organizational and technical perspectives. At the end of the session, you’ll have a proven framework for ensuring robust and secure employee offboarding.
Need a tool that will help you offboard securely?
Want to know how to securely offboard with some help from a tool? In a way that supports governance, and ensures security, with full visibility of your M365 environment?
Check out SysKit Point. The software is your central point for managing all your users and access. Used by everyone from compliance managers and internal/external auditors, to business users and system admins. Provision, automate, and delegate – from one dashboard. Book a demo today and see for yourself how beneficial SysKit Point could be in keeping your tenant under control.