Employee turnover is bound to happen from time to time. It doesn’t matter whether an employee leaving for a new position, or from an employee being terminated. Our recommendations regarding technology changes in the process turnover stay the same.

Remember that many of these steps can be accomplished simultaneously and all of them should be completed as quickly as possible. If you plan to terminate an employee, your IT department/provider should be notified. This allows them to plan for many of these steps to be scheduled, rather than rushing through them post-termination.

The list below is not comprehensive, but applies to many organizations. Take the time to create your own list based off of your organization’s technology stack. Take into account the employee’s position and which components they utilize from your technology stack.

Technology Assets

Remote and hybrid employees are generally issued technology assets. This assets are company property that should be inventoried and issued to employees. An inventory of assets, location, and issued to information is useful for several reasons. In regards to this post, it is most useful to ensure that all assets are received back upon turnover.

Some of these assets include:

  • Desktop & Laptop Computers
  • VoIP & Cell Phones
  • Apple iPads, Android Tablets, Writing Tablets
  • Portable Projectors & Presentation Equipment
  • and more…

These technology assets generally have data relating to your company on them. Assets should be requested back immediately to ensure your data does not fall into the wrong hands.

Access/Logins

Employees, no matter the job usually have logins or access to systems. This includes janitors with after hours access to the building, to C-level employees that have access to nearly everything.

It doesn’t matter whether the employee turnover was amicable or hostile. All access should be inventoried and reviewed to ensure that no potential risks might allow someone to access to systems.

Physical Access

Access codes, or key locks should be changed to ensure that the employee no longer has physical access to systems. While this seems like common sense in hostile terminations, It should also be done in amicable terminations.

There have been instances that past employees attitude toward the company changed after they have left a company. In some cases, they find data or property useful for enhancing their new employment position, or improving their finances.

Physical keys should be changed since they can easily be copied at any local hardware store.

Security System Codes/CCTV Access

If the past employee had dedicated security system code, it should be disabled. If it was a shared code with other employees, it should be changed.

**We highly recommend that each person with security system codes have a separate code assigned to them.**

Remove CCTV access so that previous employees can no longer access cameras footage. Certain access levels allow viewing or removal of footage stored on NVRs (Network Video Recorders) and DVRs (Digital Video Recorders).

Email/Communications Logins

Email and communication logins that aren’t changed quickly allow past employees to utilize your systems to communicate with vendors, clients, patients, and others. This could be a massive risk to your company’s reputation if the past employee decides to utilize it.

Past employees could also utilize communications systems to take data, secrets, customer/patient lists, and more to a potential new employer, or sell them for financial gain.

  • Change passwords or disable email accounts that the past employee had access to. If you disable the account, we recommend forwarding future emails to another employee, or a replacement employee. Utilizing a business class email system will allow you to easily disable an employee email account, reset their email password, and transfer/forward their emails to a different user.
  • Change the past employee’s VoIP (Voice over IP)/unified communications password, including their voicemail PIN or disable their account. When doing this, communications should be forwarded to someone assigned to cover their duties/clients/patients, or to a new employee who takes over their position.
  • Disable accounts, and reassign relationships in your CRM (Customer Relationship Management) system. Many CRMs allow your employees to communicate with customers, see customer/vendor lists, and more. If your employee had enough access, they could potentially see an entire customer list which could expose your customer list to being sold or called upon by someone outside of your organization.

Financial and Accounting Access

With cloud accounting software, past employees could easily have access to financial data, customer lists, vendor lists, and more. Access should be disabled quickly, this will prevent further access. With cloud accounting software charging per user in some cases it could save your organization money.

If your organizations processes credit or debit cards, you should also terminate access to credit card processing systems/portals. This can ensure that they don’t have access to void payments, process refunds, process payments, or export payment data.

EHR (Electronic Health Record) systems

Disable access to EHR (Electronic Health Record) systems. A EHR breach could expose your patient list to your competitors. It also could damage your reputation, and even become a financial burden due to fines or lawsuit.

Computer Access

If your organization uses active directory or similar systems, disable the past employee’s user account. If your organization uses shared user accounts, the account’s password should be changed. If they used a dedicated computer, their account should be disabled on that computer.

In Summary

With the many systems that are utilized in everyday businesses, you should create a plan that applies to all employees. List out all systems that any employee could have access to and when you need to terminate an employee. In review, you can simply mark off the systems that don’t apply. When access is disabled, removed, or changed, you can simply check it off.

When possible, plan employee terminations with your IT provider to ensure they are not caught unaware. Access to many systems can be disabled prior to, or while termination is being discussed with an employee. This prevents a potential angered employee from having access to copy, export, or delete any data after they are informed of their termination.