🔒 The Importance of Having a Written Policy for Terminating Accounts When an Employee Leaves the Company 🔒
Hello #LinkedInFam,
As someone with over 20 years of experience in executive management roles, particularly in operations, IT, and cybersecurity, I can't stress enough the importance of having robust security measures in place. One area that often gets overlooked is the procedure for terminating accounts when an employee leaves the company.
🚨 Why is this Important?
When an employee leaves, they shouldn't leave with access to sensitive company data or systems. Failing to properly deactivate accounts can lead to unauthorized access, data breaches, and a host of other security risks.
📝 The Need for a Written Policy
A written policy ensures that everyone in the organization understands what needs to happen. It is backed by procedures that spell out the steps to take when an employee leaves. Together they provide a clear, actionable checklist that HR, IT, and other relevant departments can follow. This is not just a best practice; it's a necessity for maintaining a secure operational environment.
🤝 Engage CISOs and Security Teams
I strongly recommend involving your Chief Information Security Officer (CISO) or security team in drafting this policy. Their expertise will ensure that all bases are covered, from revoking email access to securing proprietary software.
🔑 Key Components of a Good Policy
- Immediate Deactivation: Accounts should be deactivated immediately upon an employee's departure.
- Inventory Check: Make sure to have a list of all accounts the employee had access to.
- Data Retrieval: Secure any important data before deactivation.
- Audit: Conduct a security audit to ensure no unauthorized access has occurred.
- Documentation: Keep records of all actions taken for compliance and auditing purposes.
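As an added illustration of the Inventory Check, Audit and Documentation items above (example code written for this page, not code from the post or its author), the script below reconciles an HR list of last working days against an account inventory: it flags accounts of departed staff that are still enabled, and accounts that were disabled later than the policy allows, then produces the record lines a compliance file would keep. The employee ids, systems, dates and the `max_lag_days` threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample input (not from the post): HR "last working day" records
# and an account inventory as an IAM export might provide it.
DEPARTURES = {"e101": date(2024, 3, 1), "e102": date(2024, 3, 8)}

ACCOUNTS = [  # (system, account, owner employee id, enabled, disabled_on)
    ("email", "alice@corp.example", "e101", False, date(2024, 3, 1)),
    ("vpn",   "alice",              "e101", True,  None),
    ("git",   "alice-dev",          "e101", False, date(2024, 3, 6)),
    ("email", "bob@corp.example",   "e102", False, date(2024, 3, 8)),
    ("erp",   "bob.erp",            "e102", True,  None),
    ("email", "carol@corp.example", "e103", True,  None),  # still employed
]

@dataclass
class Finding:
    employee_id: str
    system: str
    account: str
    issue: str      # "still_enabled" or "late_disable"
    lag_days: int   # days past the last working day

def audit_offboarding(departures, accounts, today, max_lag_days=0):
    """Compare the inventory against HR departures: flag accounts of departed
    staff that are still enabled, or were disabled later than allowed."""
    findings = []
    for system, account, owner, enabled, disabled_on in accounts:
        last_day = departures.get(owner)
        if last_day is None:          # owner still employed: nothing to check
            continue
        if enabled:
            findings.append(Finding(owner, system, account, "still_enabled",
                                    (today - last_day).days))
        elif (disabled_on - last_day).days > max_lag_days:
            findings.append(Finding(owner, system, account, "late_disable",
                                    (disabled_on - last_day).days))
    return findings

def audit_record(findings):
    """Documentation lines for the compliance record."""
    return [f"{f.employee_id} {f.system}:{f.account} {f.issue} (+{f.lag_days}d)"
            for f in findings]

def run_sample(today_iso="2024-03-12", max_lag_days=0):
    findings = audit_offboarding(DEPARTURES, ACCOUNTS,
                                 date.fromisoformat(today_iso), max_lag_days)
    return audit_record(findings)
```

Run against a real IAM export, the same loop gives the auditor both the open items to fix and the dated evidence that the procedure was followed.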
👉 Take Action Now
If your company doesn't have a written policy for terminating accounts, now is the time to create one. It's a simple step that can save you a lot of trouble down the line. It will also matter if you ever need to prove compliance with a standard (ISO/PCI/HITRUST/CMMC).
Feel free to share your thoughts and experiences on this topic. Let's keep the conversation going!
#CyberSecurity #InformationSecurity #CISO #DataProtection #BestPractices #HRM #ITManagement
Stay Safe and Secure,
Paul Bergman
Strategically Focused Executive Leader, 20+ Years in Operations, IT, Cybersecurity, Building Bridges Between Business and Technology
Paul Bergman Actually amazing how I had access to systems from previous employers. Even if only for one day. Enough time for things to go massively wrong.
Information Security and Quality Management (1y)
I disagree with this. I believe that you should have a procedure for this, not a policy. We have a procedure, titled "Starting and Finishing a Role", which specifies what happens when a worker joins the organisation, moves from one role to another, and leaves the organisation. The procedure implements Item (1) of our Access Control Policy, which is as follows.
(1) We will provide to each worker only the access to ICT resources required to do their work.
(2) A worker must only access our ICT resources with administrator access when necessary.
(3) A worker must NOT access email or the internet when logged in with administrator access.
All three items of this policy also govern parts of our "Network Management Procedure".