Post-Firing Access: Protecting Company Assets After an Employee is Terminated

The termination of an employee inevitably raises concerns about their continued access to company resources, especially when it comes to email and file storage. This article delves into the importance of immediately revoking access to these resources to safeguard company assets and maintain operational integrity.

The Immediate Response: Revoking Access

When an employee is fired, the first and foremost step is to revoke their access to all company-issued IT systems, including email and file storage. This may seem like an abrupt action, but it is crucial for several reasons. The legal and ethical responsibilities of the organization require prompt action to prevent potential harm to the company. Additionally, as a sysadmin, it is essential to ensure that all access points are secured as quickly as possible.

Practical Steps for IT Administrators

Here are the detailed steps that a sysadmin can take immediately after being informed of an employee's termination:

Disable Network Access: Once the employee has been escorted out of the premises, the immediate task is to disable their network access. This prevents them from accessing corporate email and other file storage. Audit IT Routes: Conduct a thorough audit of any other possible routes that the employee might have into the network. This includes checking for shared accounts, saved credentials, and any other vulnerabilities that could be exploited. Change Passwords: If the terminated employee had knowledge of other users' passwords, it is necessary to change all those passwords. This not only restricts their access but also ensures that the network remains secure. Notify Suppliers: In some cases, the terminated employee may have access to suppliers or partners. Notify all relevant parties to ensure that no requests are processed by the terminated employee.

The Implications of Untimely Action

Failing to take immediate steps to revoke access can have serious repercussions. For instance, a terminated employee may try to cause damage to the company using their remaining access. This could manifest in various forms, including:

Malicious actions that directly affect IT systems. Indirect damage through tampering with sensitive data or creating internal conflict with suppliers.

Therefore, it is critical for managers and sysadmins to prioritize rapid access revocation to mitigate these risks.

A Personal Perspective: A Sysadmin's Experience

From my personal experience as a sysadmin, I have handled several instances where employees were terminated. In one instance, I was specifically tasked with disabling a network user's access as soon as they were escorted out of the premises. In another instance, where a sysadmin role was terminated, the situation became even more complex, requiring careful planning and execution.

In both scenarios, the priority was to ensure that no access was left open to potential misuse. This involved immediate steps to disable network users, conducting audits, and changing passwords. Ensuring that all suppliers were notified was also part of the process to prevent any unauthorized transactions.

My personal opinion, while somewhat strict, is that any manager who terminates an employee without taking swift action to ensure that their network access is revoked should be held accountable. Terminated employees are likely to be extremely angry, and without prompt action, they may attempt to jeopardize the company's interests in various ways.

Conclusion

The timely revocation of IT access for terminated employees is a critical measure in protecting company assets and maintaining operational integrity. By promptly taking appropriate actions, sysadmins and managers can prevent potential damage and maintain trust with suppliers and partners. Ignoring this responsibility can have severe consequences, underscoring the importance of immediate and thorough access revocation.