Terminating an employee is never a joyous experience for the organization or the recipient of the pink slip. However, terminations are a fact of doing business. In light of today's security-conscious business environment, planning ahead on how to manage terminations can improve the security of your organization.
If security is of any importance to your organization at all, you should have a security policy. An important element in a security policy is the termination procedure. Termination procedures provide guidelines and a script of sorts to follow when an employee must be released. The procedures focus on making the firing processes as incident-free as possible and ensuring the ongoing security of the organization.
When developing your own termination procedure, keep the following key points in mind:
More on insider threats and employee termination
Employee risk assessment: Helping security spot high-risk employees
How to create and enforce employee termination procedures
Terminating a system administrator
How should termination procedures address a user's multiple roles?
Join the conversation: Employee termination
- Always inform the employee of their termination with at least one other witness. When possible, hold a private meeting to perform the firing activity.
- Immediately disable the terminated employee's network access
- Retrieve any keys, smart cards, IDs, or other physical access devices
- Perform an exit interview
- Escort the ex-employee off the premises
- Arrange for the return of any off-site equipment that the ex-employee may possess, such as notebooks, documentation, PDAs, etc.
- Notify human resources of the termination and have them arrange the final paycheck including vacation pay. HR should also discuss the cessation or transfer of benefits (health insurance, life insurance, stock options, retirement, etc.) with the employee.
- Arrange to return any personal property of the ex-employee from their work environment. This should include a review of any removable media and documentation for proprietary or confidential data belonging to the organization.
An exit interview is basically a review of the employee agreement and the non-disclosure agreement (NDA) the employee signed upon starting his job. It is important to remind terminated employees that they are legally restricted from discussing the security policy, security mechanisms and confidential data with anyone.
Most of the elements of the termination process and the exit interview are a matter of personnel administration rather than technical administration. But, don't forget there are several import technical elements to address when an employee is terminated. First, what happens to their data? In many cases, you'll need to provide a copy of personal data (such as e-mail, documents, etc.) to the exiting employee. After the personal data is collected, it should be inspected and reviewed before being sent out. Once the data set is cleansed of all confidential data, it could be burned onto CD-Rs for ease of transference.
Also, what about their user account? In most cases, you'll want to simply disable the account rather than delete it. First, if the account is deleted, it will be removed from the accounts database and therefore performing security audits against the account will be impossible. Also, if you replace the employee or some other worker needs similar access privileges, it is easier to make a copy of an existing user account than create one from scratch and manually re-assign all access privileges.
Without a defined termination procedure, the act of firing an employee can result in numerous security oversights that can easily be exploited. Hopefully your organization will never experience retaliatory attacks from a terminated employee. But it is in the best interest of your organization to plan ahead and implement preventative safeguards.
About the author:
James Michael Stewart is a researcher and writer for Lanwrights, Inc.