Blog

category filters go here

Avoiding security risks with leavers.

Employees who are leavers can potentially create security risks. A high-profile example of this occurred back in 2017 when President Trump’s Twitter account disappeared for 11 minutes – apparently due to actions of a Twitter employee on their last day! From deleting important data to publishing confidential information the potential for leavers to cause reputational damage or other security risks is huge. We have listed below some practical steps which employers can follow to mitigate the information security risks and avoid damage by leavers.

It’s good practice to have an off-boarding procedure or checklist which your managers can work through. This ensures no technical risks are missed and can include some non –technical items such as return of keys and fobs. Our tips for areas you should cover are listed below. Several important items on the list require the employer to have detailed knowledge of what systems the employee had access to and what physical items they had in their possession. It is good practice to create an Access Control log for each employee during their on-boarding which would contain all of this information and is updated during the course of their employment. This document is a key reference point during the off-boarding process.

Areas you should cover include:

  • Return of company owned property – this would include laptops, mobile phones, hard-drives, USB sticks etc.
  • Terminate Network Access – close down the access and eliminate the user identity if possible. Remember to include any third party cloud-based systems.
  • Change passwords – if the user had access to company passwords, they need to be changed. This could be for social media accounts etc
  • BYOD – if your company has a BYOD policy then be sure to remove all company data and programs before they leave. Remote wipe is possible but brings risk of deleting personal data.
  • Forwarding – set up email and call forwarding to colleagues
  • Door code change – if your company uses pin codes for entry access to the building or between departments then these need to be changed

A robust off-boarding process is a key element of the ISO 27001 Information Security standard.  RedMosquito is an ISO 27001 accredited organisation. We provide expert advice to our IT Support customers throughout the UK. This includes what their company off-boarding process needs to cover. If your company needs help with this contact us today to learn more about our consultancy or IT Support services.

Phishing Malware Email

Lockdown Hacking Attempts on the Rise.

Recent reports say that the quantity of hacking attacks directed at homeworkers during the Coronavirus lockdown has grown considerably. The variation and sophistication of the attacks is also on the rise reported Darktrace in a recent article in The Guardian newspaper. Exploitation of homeworkers during the Covid 19 shutdown has increasingly become the focus of […]

23 Jun 2020

Online meetings – our tips to make it work

Online meetings are now becoming the norm as everyone works from home. It can be a challenge to hold effective online meetings for several reasons; from connectivity problems to etiquette issues!  People can’t talk over each other, there can be slight communication delays and the ‘eye contact which is not really eye contact’ feeling takes […]

Security risks with leavers.

Avoiding security risks with leavers.

Employees who are leavers can potentially create security risks. A high-profile example of this occurred back in 2017 when President Trump’s Twitter account disappeared for 11 minutes – apparently due to actions of a Twitter employee on their last day! From deleting important data to publishing confidential information the potential for leavers to cause reputational […]