One of the unfortunate events that occur over the lifetime of an organization is the turnover of employees. For various reasons, employees may be terminated or they may choose to end their employment. In either case, it is important that your organization have an established security policy and procedure in place to manage the situation and minimize the security risks associated with exiting personnel.
- Disable network account - As soon as an employee is no longer working towards the best interests of the organization, they no longer need access to the sensitive and confidential resources maintained on the IT infrastructure of that organization.
- Collect all security IDs, proximity devices, access badges, smart cards and any other identification, authentication, and access devices - Protecting your physical environment and access into the organization's facilities is just as important as protecting access into the IT environment.
- Manage the workstation - In most organizations, old workstations are refitted or recycled as systems for new employees. However, it may be important to retain the contents of the system exactly as they are at the moment the previous employee was terminated or chose to leave. Thus, before decommissioning a computer as a workstation for another employee, make an image of the hard drive and verify that the image is complete and accessible. You may also want to create a second form of backup onto typical backup media. Depending on the amount of data to record, you may even opt to store the data on writeable CDs or DVDs. Remember, the key is to create an exact copy of the data so it can be used in the future to locate information, corroborate stories or provide evidence in the event a crime is detected.
- Secure printed and electronic documentation - Look through the desk, cubicle, work area and locker for any type of storage device or media and for documentation and printouts. If anything is found that contains data from a security classification other than that assigned to the ex-worker, further investigation as to how that data was obtained is necessary.
- Inform the security team of all employment terminations - This will allow them to monitor the user accounts and commonly accessed resources of the ex-employee to look for unauthorized access. Co-workers should be informed of the person's work status and told not to grant electronic or physical access or provide any confidential information to the ex-worker under any circumstances.
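
The imaging step under "Manage the workstation" can be scripted so that the copy is proven bit-identical when it is made and can be re-checked before anyone relies on it. This is an added example, not part of the original article; the function names and the `.img`/`.sha256` file layout are assumptions, and it assumes a system with `dd` and GNU `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the original article): image a leaver's disk,
# prove the copy is bit-identical, and re-check it later.
# SRC is a block device (ideally attached through a write blocker) or a file.

sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# image_and_verify SRC DEST_DIR LABEL
# Prints the image hash and returns 0 if DEST_DIR/LABEL.img matches SRC,
# returns 1 on hash mismatch, 2 on usage or I/O errors.
image_and_verify() {
    src=$1; dest=$2; label=$3
    img="$dest/$label.img"
    if [ ! -r "$src" ] || [ ! -d "$dest" ]; then
        echo "source unreadable or destination missing" >&2; return 2
    fi
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image $img" >&2; return 2
    fi
    # Plain copy: a read error aborts instead of silently padding the image.
    dd if="$src" of="$img" bs=1048576 2>/dev/null || return 2
    src_hash=$(sha256_of "$src")
    img_hash=$(sha256_of "$img")
    if [ -z "$src_hash" ] || [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source '$src_hash' image '$img_hash'" >&2; return 1
    fi
    # Manifest in `sha256sum -c` format, stored beside the image.
    printf '%s  %s\n' "$img_hash" "$label.img" > "$dest/$label.sha256"
    chmod a-w "$img" "$dest/$label.sha256"   # guard against accidental edits
    echo "$img_hash"
}

# verify_image DEST_DIR LABEL
# Re-reads the whole image and compares it with the recorded hash, which
# confirms the stored copy is still complete and readable.
verify_image() {
    ( cd "$1" && sha256sum -c "$2.sha256" >/dev/null 2>&1 )
}
```

Keep a copy of the recorded hash somewhere other than the evidence volume, so a later `verify_image` result cannot be satisfied by replacing both the image and its manifest.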
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in October 2002