Why Should An Employer Inform Their IT Provider When An Employee Leaves?

When an employee leaves a business, it’s a big deal. There are the big questions of course, like will the employee be replaced and who will take over the work until then. Yet it’s often the less obvious issues that get companies into trouble. From client relationships to password management, the ripple effects are often felt long after the employee’s last day.

Many employers aren’t even aware of the steps they need to take to get all their ducks in a row. If you have a managed IT provider, they’ll need to be informed if an employee leaves the company — sooner rather than later. 

It’s the outsourced team that takes many of the necessary precautions to keep information protected, but they can’t spring into action until they know what’s going on. We’ll look at why it’s so important to prevent unauthorized access and how failing to do so can manifest in some serious problems down the line. 

The Psychology Behind Leaving a Job 

Employees may leave a company for any reason, and they often take mixed feelings away with them when they go. Most of the time, an employee who leaves for a glamorous new position in another firm is nothing to worry about. Why would they pose a threat to the company? As the old adage goes, however, it’s better to be safe than sorry.
Ex-employees might steal information from their old employer to help their new one. They might steal money because they felt they weren’t paid enough for their work. They might steal a customer’s identity because they had a personal grudge against them. Whether someone was let go or left of their own volition, employers need to be on guard.

Sabotage 

Most employees aren’t criminal masterminds, and very few set out to cause harm to a former employer. But, sabotage can and does happen, so it’s worthwhile to put in place clear procedures for both onboarding and offboarding employees. By not taking the time to put together an offboarding procedure, you are making it easy for the one employee that has mal-intent.
For instance, if an employee has access to their old email account, they may send emails to clients or customers. They might glean competitive information through official employee communications, or try to poach new contacts or leads.
If they still have access to active directories or VPN connections, ex-employees can steal, delete, or modify at will. Much like email, an old employee could use it to monitor ongoing activities in the company. This can start off as idle curiosity, a glimpse into a world that the employee is no longer in anymore, but it can progress to anything from bogus records to altered software.

In the worst-case scenarios, an old employee might have direct access to financial data or tools. If they have any kind of privileges in this regard, it’s not out of the realm of possibility for that employee to go straight after the corporate bank accounts. 

Lost Communication

There’s a lot of turnover in company’s today, and the public knows it. One of the best parts of working with a small business is that there tends to be some degree of consistency. They’re more likely to remember that person because they worked solely with them, and not 10 of their closest associates. The employee who left may not have been a dynamo networker, but they probably forged more connections than people realized.

This is why it’s so important that someone is monitoring communication channels after the employee leaves. If an old client decides to contact the employee and no one is paying attention, small businesses can lose out on more than they bargained for. A managed IT service provider will ensure that all those requests, questions, and concerns are being forwarded to a different email account, so someone can follow up no matter what. 

Potential Vulnerabilities 

Cybercriminals have a number of tricks to infiltrate a company, even when they don’t have any insider information. When an account, application, or email is no longer being used, it presents a more streamlined opportunity. 

Part of the economy on the dark web is driven by credentials from different accounts. Some of these passwords and usernames are long past their prime, but others remain open for business. Real criminal masterminds use this information to access (and exploit) valuable assets. 

Even if the employee was nothing more than an intern, you might be surprised at just how many applications are gateways to treasure troves of data. Criminals might use that data to send emails to customers from the company address in an attempt at identity fraud. If your company isn’t held directly liable for the events, your domain is likely to be blacklisted at the very least. From reputation to marketing campaigns, the effects can be disastrous. 

This infiltration can technically happen at any point, but an unmonitored account is more dangerous. Cybercriminals can access it over the course of months, possibly years if the company is asleep at the wheel. 

This is a red-hot opportunity for severe long-term damage, which may include anything from one main catastrophic event (e.g., a fast-acting virus) to a slow drip of information to customers for as long as the criminal feels it’s worth their while. The most concerning part of this scenario is that no one at the company is likely to notice anything until the situation is past the point of no return. 

Unnecessary Costs 

Licensing charges are spread out over all your employees, and they vary per account. Depending on how many applications the old employee had access to, the costs can add up. A managed IT service provider will be able to handle the licenses and may even be able to negotiate more favorable terms for the cancelation. 

There are a number of costs to letting go of an employee that are unavoidable. There’s no use paying more when there’s no need. 

Unauthorized Access 

Unauthorized access shares some elements with sabotage, but there’s no ill-will necessarily on the part of the employee. For instance, let’s say that an employee leaves your company to set up shop on their own. They’re technically a competitor now, but they don’t plan on taking any of your clients per se.
Instead, they use their old credentials to get information and data that would be handy for building out their website or marketing to clients. They might use anything from old directories to new tools to learn more about the industry, develop new insights, or tap into untapped markets.
Ultimately, the damage caused by unauthorized access won’t be as severe as the damage caused by someone with sabotage in mind. But, you definitely don’t want your competitor to have any access to the competitive data and tools you’ve worked hard to develop. And, there’s no reason for the ex-employee to continue having the same privileges if they no longer have any loyalty to your brand.

How a Managed IT Provider Makes a Difference 

When you hire an employee, there’s a lot that needs to be done. The onboarding process can include anything from payroll to protocols, and it can take some time to get everything up and running. As that employee sticks with the company, their roles, privileges, and access levels only continue to change. It’s no wonder that most employers will inadvertently skip a step or two after an employee leaves. There are so many footprints starting from Day One, it’s hard to see just how far they go back. 

A quality managed IT provider will leave no stone unturned though. These are teams that know the perils that SMBs face when an employee leaves, which means they leave nothing to chance. This is not about assuming the worst in people, but about buttoning up accounts and access that always should have been closed to begin with. Rather than leaving it in the hands of a makeshift HR manager (one who likely pulls double duty in several other roles), this needs to fall to your provider. 

About Southeastern Technical

We help leaders discover how they can have stable, reliable information technology (IT), so their organizations can experience fewer IT problems and security threats.

Categories

Recent posts

Top Cybersecurity Threats to Small Businesses

You’ve read the headlines, and you are familiar with the havoc cyber criminals can cause. But, they won’t come after your business, right? It’s a common misconception that small businesses aren’t a target and/or they are sufficiently protected.

Read More »

solutions for real-world problems

We’ll send technology tips to help you resolve existing problems, information about underlying problems in your IT environment and how to solve them, and how to reduce digital security risk for your business.

Stay Connected