In 2007, California Independent System Operators (Cal-ISO) data center, which manages California’s power, terminated an administrator. When this employee realized his access to the network had been disabled, he went to the data center and shut down the power to the building by breaking a glass cover and hitting the emergency “off” switch. His actions left the state of California vulnerable to blackout conditions which, fortunately, never occurred.
This is an extreme example but it does call into focus the importance of properly managing employee security and network access. Having to terminate a person’s employment is never an enjoyable part of the job, but it’s a necessary part of both management and HR to ensure it’s handled with professionalism and within the law. While a manager might help the employee pack up his or her office, much of the post-termination work falls to IT.
You might work for a large company where employee turnover is frequent and procedures are well documented and implemented. Or you might work for a small company with infrequent turnover. Regardless of your situation, best practices exist to make an inherently uncomfortable situation more manageable.
One of the challenges for IT has been the fact that they often aren’t given much time to plan for a termination which makes having a plan and procedures in place that much more important. Managers might think to involve HR early in the process, but often overlook IT as a critical part of the termination plan. That’s unfortunate given the importance IT plays today in terms of security and data preservation.
Let’s take a look at some of these best practices which can help you manage terminations in a smooth and organized manner.
Ideally, terminations are planned in advanced. HR should work with IT beforehand so both departments are on the same page. I had one unfortunate experience where IT was given the wrong date of termination, and I hadn’t had time to meet with the employee. The day before the termination was to take place, the employee showed up for work but his security clearance had been revoked, and he called me from the lobby unable to get into his office. I ended up hastily calling an exit interview. The process was both hectic and unfortunate for the company and the terminated employee.
Most IT departments have specific guidelines and procedures for when an employee is terminated. This include at least some of the following:
- Revoking computer, networking and data access
- Disabling remote access
- Returning of employer owned equipment (often handled at exit interview)
- Shutting off access to building
- Preserving critical data across all devices
The first four items on the list are fairly standard across all businesses. But preserving critical data can be challenging, especially when most employees work across multiple devices. It isn’t uncommon for a sales person to have data scattered across a laptop, tablet and smartphone. Given that much of that data contains private details about the company and clients, it’s imperative that IT works to protect and preserve it.
IT should preserve sensitive data, records and logs just in case the terminated employee files a complaint or decides to take legal action. Some disgruntled employees may try to erase their email, project files or customer records making data redundancy and retention policies important items to have in place well ahead of the termination date.
What do you do with company data that resides on an employee owned device? This is a common scenario today especially with the proliferation of BYOD and smartphones. Legally, the company has the right to retain or purge data from those devices, but the company does not have the right to damage or disable such devices. Remote wipe applications can be a big help in making sure company data doesn’t get into the wrong hands.
I’ve worked at a few large companies where accounts where shared among a number of employees, often within the same department. I’ve recently seen shared accounts in place to access the company’s Google Analytics account. While convenient, shared accounts invite countless problems down the road, and should be avoided.
The key to managing employee terminations is planning whether it’s at the HR, department, or IT level. If you’re an IT manager, and do not have a clear understanding of how employee terminations are communicated throughout your company, this is a good time to call a meeting. While it’s helpful to receive notification of a termination in advance, that’s not always possible. It’s best to plan for the worst case scenario.
Back in 2009, the Ponemon Institute conducted a survey which found that 59% of employees who leave or are asked to leave steal data from their former employers. That’s a staggering statistic especially when you think of how many more devices employees have access to today compared to six years ago.
Terminations happen each day. Most go smoothly. As an IT manager, your role in the process continues to grow as we all rely on more on technology to effectively do our jobs. But technology cuts both ways. It’s up to you to not only lock down your networks, but also help preserve company data when that time comes. That’s a lot of responsibility on your shoulders, and it’s admirable how well most IT managers handle that responsibility.