In this excerpt from Chapter 6 of The Little Black Book of Computer Security, author Joel Dubin provides an outline of security measures to take when terminating an employee.
You do the best to hire the best, but even then, employees sometimes need to be terminated. Regardless of whether the reason is performance-based or due to business losses, you should employ the following safeguards to protect your IT environment:
1. Review all your termination procedures with the legal and human-resources departments, and obtain
2. Take the following steps prior to terminating an employee:
2.1. Inventory all systems, networks, applications, and data that the employee has access to.
2.2. Check whether any unauthorized or rogue hardware or software exists on the employee's systems.
2.3. List all the employee's user and administrative accounts.
2.3.1. Particularly note any administrative accounts that include special privileges.
2.4. Check whether any orphaned accounts exist, and if so, trace their ownership. If they are no longer being
used, shut them down.
2.5. Coordinate the termination date and time with the IT-security, building-security, and human-resources
departments. If possible, plan for a time when the system will not be busy, so the IT staff can disable
the employee's accounts without distractions.
3. Quickly take the following steps at the moment of termination (before the employee is out the door,
3.1. Remove all physical access devices (badges, ID cards, access tokens, keys, and card keys) from the
RAS software, from the employee's possession.
3.3. Lock out access to the employee's workstation.
3.4. Cancel and remove all system and network accounts.
3.5. Escort the employee from the premises.
4. After termination, be sure that the IT staff checks the logs of the
previously inventoried systems for any entry attempts by the
4.1. Add rules to any Intrusion Detection Systems for checking the
5. If the person was employed either by the IT department or as a
software developer with access to restricted systems, create
backups of network configurations and crucial applications or data. In case of sabotage, you will then be
able to quickly rebuild the damaged network or system.
Download Chapter 6, Managing Human Resources, to learn more about secure managment practices.
This was first published in October 2005