Ripple's Humans First IT Blog

IT Offboarding Checklist: How to Reduce Security Risk

Written by Ripple's IT Team | Sep 27, 2023

 

When you part ways with an employee, the offboarding process begins. There’s paperwork to complete. You need to conduct an exit interview. And — this is often the hard part when you have a small IT team — you have to collect any devices you own and revoke the former employee’s access to the network and systems. You’ve got to be thorough with this process, and you need to be able to start right away. Why? Because chaotic, delayed offboarding is a huge cybersecurity risk. 

According to a recent survey, 47% of respondents still use passwords from their old jobs to access email, subscriptions, software, and even company data. It’s not that your former colleagues have suddenly become shady cyber villains. Most said their intentions weren’t malicious. However, any unauthorized network or system access is a cybersecurity threat. Once someone leaves, you don’t have much influence over whether they use secure networks, lock their devices, or watch out for phishing attacks.

Plus, 10% of people who access former employer data admitted they did it for sinister reasons. Whatever their plans, that 10% can do a lot of damage.

No matter the cause of a data breach or attack, things snowball from there in terms of time, money, and reputational damage. That’s why it’s so important to have a secure offboarding process. It’s an ounce of prevention that’s worth more than a pound of cure. 

This IT offboarding checklist will walk you through the steps you need to take to keep your network and systems safe. 

The Connection Between IT Offboarding and Cybersecurity 

To maintain a secure technology ecosystem, you have to be on top of your security game. When someone leaves the company, it’s up to you to secure the things you can control: network access, user licenses, and devices. 

Unfortunately, lots of companies aren’t as on top of things as they should be. Only one-third of them delete user accounts after someone leaves. The accounts left behind become zombie accounts, which can be exploited by hackers or disgruntled former employees. The reasons why this happens are understandable. For starters, resources are limited. Also, the things you do to make work easier and more efficient make the offboarding process more complicated:

  • Employees use so many systems, it’s hard to keep up with all of their accounts.
  • Since it’s more common for employees to use personal devices for work, it’s difficult to retrieve data that’s stored on them and revoke access in an efficient, timely way.
  • If you offboard employees remotely, things get even more challenging, especially when it comes to retrieving company-owned devices. 

If your IT offboarding checklist doesn’t account for these issues, you could be leaving the door wide open to insider threats and hackers. You may also get in trouble with regulators, who are constantly expanding the scope of data privacy regulations. A thorough offboarding process helps you stay in line with compliance best practices.

Secure Your Data With This IT Offboarding Checklist

There’s no way to get around it. The IT offboarding process is super complex. We’ve put together this checklist to help you follow a secure, thorough process. 

1. Revoke System Access

The first hours after an employee leaves (especially in the event of a termination) are particularly risky. If someone has bad intentions, they’re counting on you to act slowly so they can download a file or peek at confidential reports. Regardless of why your employee is leaving, this step should be taken right away. Make sure you cover all your bases by revoking access to these accounts and systems:

  • SaaS applications, networks, and databases 
  • Email and collaboration tools
  • Remote access privileges and connection tools
  • Shared folders and company intranet

You can save a lot of time on this step with identity management tools like OneLogin, Okta, Rippling (no relation), or JumpCloud. They allow you to disable multiple accounts from one central system.

2. Collect Devices

If you follow a thorough onboarding process, you should have a list of all the tech you have provided to employees. Now’s the time to collect any laptops, smartphones, tablets, hot spots, and other devices that belong to the company. 

If you are offboarding remotely, you’ll need to do a little more coordination:

  • Send the employee a return box with a prepaid shipping label. 
  • Provide a list of what they’re expected to return, and when. Make sure to collect any peripherals or accessories you provided for their home office.
  • Verify serial numbers and device details to make sure you’ve received the right items. 

3. Wipe Devices 

You can take a couple of approaches to wiping devices after they’ve been returned. 

The first approach is totally DIY. You can have the devices returned to your office where you wipe them in-house. Here’s how that process should go:

  • Back up the device so you can retrieve any data that was stored on it. 
  • Disable password protection.
  • Remove files, including personal data, browser history, etc.  
  • Perform a factory reset.
  • Reboot the device to verify that files have been permanently deleted. 
  • Document the process and log the device in your asset management tool. 

Ideally, you can do some of this remotely before the device is shipped back. That way, if something happens to the device in transit, there’s no valuable information for hackers to steal. 

The second approach to this process is to outsource it. You can have the devices sent to a company like GroWrk, Allwhere, or Kandji. They’ll wipe the devices for you and store them until they’re ready to be used again. 

They can also help you automate Step 2 of the IT offboarding checklist, so you don’t have to be bothered with sending out boxes and shipping labels yourself. 

4. Change Shared Passwords

Sometimes teams share accounts for things like team inboxes or managing customer shipments. 

We strongly advise against this practice. However, if it’s happening at your company, make sure to force a password change on those accounts when someone leaves. We know, it’s hard to keep up with these types of accounts, and it makes the IT offboarding process longer. That’s why we advise against sharing passwords. It’s just too risky.

5. Forward Emails

Even if your former employee leaves in a typical two-week timeframe, they may not be able to update all of their contacts. Clients, vendors, and colleagues may still reach out to them. Those emails shouldn’t go into a black hole. 

Find out who will be the new point of contact and forward the outgoing employee’s emails to their address. You should also create an autoresponder informing contacts that the person is no longer with the company, and who they should reach out to instead.

6. Plan to Delete Accounts

In Step 1 of this IT offboarding checklist, you revoked access to the network and to software. That doesn’t mean that the accounts are fully deleted. Many systems don’t allow you to delete accounts right away, so you can access the account and all of its history if you need it. 

After a while though, these dormant accounts aren’t useful anymore. They’re just zombie accounts. And if you use systems with user-based pricing, they’re costing you money. That’s why you need to plan to revisit these systems after a while to fully delete them. 
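One way to run that revisit, as an added example that is not part of the original checklist: compare an HR departures list with a merged account export to find accounts Step 1 missed and disabled accounts that are past retention. The CSV columns, the `disabled` status value, the sample rows, and the 60-day retention window are all assumptions made for the illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: HR departures and a merged account export.
DEPARTURES_CSV = """email,last_day
dana@example.com,2023-06-30
lee@example.com,2023-09-22
"""

ACCOUNTS_CSV = """system,email,status
email,dana@example.com,disabled
crm,dana@example.com,active
email,lee@example.com,disabled
vpn,lee@example.com,disabled
email,sam@example.com,active
"""

RETENTION = timedelta(days=60)  # assumed retention window before deletion


def audit_accounts(departures_csv, accounts_csv, today, retention=RETENTION):
    """Return (still_active, due_for_deletion) lists of (system, email)."""
    last_day = {
        row["email"].strip().lower(): date.fromisoformat(row["last_day"])
        for row in csv.DictReader(io.StringIO(departures_csv))
    }
    still_active, due_for_deletion = [], []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        email = row["email"].strip().lower()
        left = last_day.get(email)
        if left is None or left >= today:
            continue  # current employee, or last day not reached yet
        entry = (row["system"], email)
        if row["status"].strip().lower() != "disabled":
            # Step 1 was missed for this system: access is still live.
            still_active.append(entry)
        elif today - left >= retention:
            # Disabled and past retention: a zombie account to delete.
            due_for_deletion.append(entry)
    return still_active, due_for_deletion


if __name__ == "__main__":
    active, stale = audit_accounts(DEPARTURES_CSV, ACCOUNTS_CSV, date(2023, 9, 27))
    for system, email in active:
        print(f"REVOKE NOW  {system:6} {email}")
    for system, email in stale:
        print(f"DELETE      {system:6} {email}")
```

Any status other than `disabled` is treated as live access, so an unexpected value in an export is flagged for review instead of being silently ignored.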

7. Monitor Security and Prevent Unauthorized Access

This should be part of your broader cybersecurity strategy. You should be monitoring your network and systems on an ongoing basis for unauthorized access or unusual activity. You should also have tools in place that force users to be authenticated every time they try to access your network or systems. These practices keep out everyone who shouldn’t be meddling around with your tech — hackers and former employees alike.
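As an added illustration of this monitoring step (not from the original post), the check below scans authentication logs for activity by departed users after their access was revoked. The log format, field names, revocation times, and sample lines are constructed assumptions; adapt the parsing to whatever your identity provider exports.

```python
from datetime import datetime

# Constructed data: when each departed user's access was revoked.
REVOKED_AT = {
    "dana@example.com": datetime(2023, 6, 30, 17, 0),
    "lee@example.com": datetime(2023, 9, 22, 17, 0),
}

# Constructed sample log lines in an assumed format:
# ISO-timestamp user=<email> app=<name> result=<success|failure> ip=<addr>
SAMPLE_LOG = """\
2023-09-22T16:40:00 user=lee@example.com app=email result=success ip=198.51.100.7
2023-09-23T08:12:31 user=lee@example.com app=vpn result=failure ip=198.51.100.7
2023-09-25T22:03:10 user=Dana@example.com app=crm result=success ip=203.0.113.9
2023-09-26T09:00:00 user=sam@example.com app=email result=success ip=192.0.2.4
malformed line without fields
"""


def post_departure_events(log_text, revoked_at):
    """Return (severity, timestamp, user, app) for events after revocation."""
    findings = []
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip lines that do not start with a timestamp
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        user = fields.get("user", "").lower()
        cutoff = revoked_at.get(user)
        if cutoff is None or when <= cutoff:
            continue  # not a departed user, or activity before revocation
        # A success means revocation was missed; a failure means someone
        # is still trying the old credentials.
        severity = "HIGH" if fields.get("result") == "success" else "INFO"
        findings.append((severity, when, user, fields.get("app", "?")))
    return findings


if __name__ == "__main__":
    for sev, when, user, app in post_departure_events(SAMPLE_LOG, REVOKED_AT):
        print(sev, when.isoformat(), user, app)
```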

Help with The IT Offboarding Process 

We’ve tried to make this IT offboarding checklist as straightforward as possible. But the fact is, offboarding and cybersecurity are hard to manage. Automation tools are a big help, but figuring out which ones to use can be hard. And the more tools you use, the more vendor relationships you have to manage. 

Ripple can help out with that. We’ve helped with countless offboarding processes, and we know how to make the process painless for you. We’re up-to-date on the latest offboarding automation tools so you don’t have to sift through them yourself. We handle every aspect of the process, from revoking system access to collecting devices, so you can focus on exit interviews, paperwork, and finding your next new hire. 

Wanna talk more about making IT offboarding more seamless and secure? Reach out to us for a 30-minute consultation.

 

IT Offboarding FAQs

What should be included in an offboarding checklist?

An offboarding checklist should include plans for the following:

  • Disabling accounts and revoking user access to the network
  • Collecting and wiping devices
  • Ongoing monitoring to keep unauthorized users out of your networks and systems

What is a technical staff offboarding checklist?

A technical staff offboarding checklist is tailored to employees working in technical roles, such as IT staff, developers, or programmers. These employees often have more access privileges than non-technical employees, meaning the offboarding process is more involved.

What is offboarding in cybersecurity?

Offboarding is the process of collecting devices and revoking access to technology after an employee leaves a company.

What is onboarding and offboarding in IT?

Onboarding is the process you follow to set up a new hire with technology. This includes issuing devices and setting up user accounts, such as email and Microsoft Office. When an employee leaves, you perform an offboarding process by collecting company-owned devices and revoking access to the network and systems.