Why Is It Important to Immediately Deactivate Employee Accounts and Access Immediately After Termination
Learn about removing access for terminated employees and how Lumos can help you manage your access rights.
Removing access for terminated employees immediately is one of those statements that seems like it doesn’t need to be said—yet a recent study by Zippia found that 71% of companies have no formal offboarding process and a shocking 89% of departed employees retain access to private applications and data at their former workplaces. Clearly there’s work to be done. That’s part of why we’re so passionate about employee offboarding automation here at Lumos. We know that having the right tools at the right time can help your IT and HR teams create a secure offboarding (and onboarding) experience, protecting your organization from risk.
What Is Access Revocation?
Access revocation involves making sure that a departing employee no longer has access to your company’s systems and sensitive information. This process typically involves disabling the employee’s access to email accounts, VPNs, internal databases like CRMs, and any other software or systems they used while employed. Another component of access revocation is changing shared passwords and removing the individual from group lists immediately.
Why Is Access Revocation Important?
Prompt access revocation is important during the offboarding process in order to protect company data, prevent security breaches, and maintain compliance with legal and regulatory standards. When an employee leaves, failing to revoke their access rights can quickly lead to unauthorized access, data breaches, and the potential misuse of sensitive information. In fact, the same Zippia study showed that 76% of IT leaders consider offboarding a significant security threat—perhaps due to the fact that 20% of businesses have experienced data breaches connected to former employees.
Revoking access promptly also makes sure that your departing employees can’t exploit their previous access privileges. This includes tasks like disabling email accounts so they aren’t accessing their work email after termination or collecting company-owned hardware. Documenting these actions should be part of your access termination policy for security audits and compliance purposes.
Another perk of prompt access revocation—you’ll be able to manage your software licenses more efficiently. Once you deactivate the accounts, you can reassign licenses, reducing unnecessary costs and optimizing your resource utilization.
How Do You Terminate an Employee “Effective Immediately”?
Terminating an employee “effective immediately” requires a structured and respectful approach if you want a smooth transition and minimal disruption. The best way to start is by figuring out who is responsible for which tasks. Removing access for terminated employees should be a coordinated effort between your HR and IT departments. HR should inform IT about the employee’s departure date, allowing IT to prepare for timely access removal. This helps prevent any unauthorized access, which could lead to data breaches or misuse of company resources. IT should follow a detailed checklist to make sure that access is completely revoked and inform HR once the task is completed. Let’s take a closer look at both HR and IT responsibilities.
How Does HR Handle Terminated Employees?
HR is one of the departments with the most responsibilities when managing the termination of employees. Here’s how HR typically handles this process:
- Prepare
- Check Policies: Review your company policies and employment laws to make sure everything's in order.
- Prep Documents: Prepare a termination letter explaining why the termination is happening, the effective date, and details about any severance or benefits.
- Coordinate The Termination Meeting
- Set Up the Meeting: Schedule a private meeting with the employee. If needed, have another HR person or manager join as a witness.
- Explain Clearly: Calmly and concisely state the reason for the termination, the effective date, and what comes next. Hand over the termination letter and any other relevant documents.
- Collect Company Property
- Gather Assets: Work with IT to collect company property like laptops, phones, security badges, and keys during or right after the meeting.
- Revoke Access: Work with IT to immediately revoke the employee’s access to all company systems, including email and software, following any applicable workflows like a terminated employee email policy.
- Administer Final Pay and Benefits
- Process Final Pay: Calculate and process the final paycheck, including any accrued vacation or severance pay.
- Explain Benefits: Provide information on continuing benefits, such as COBRA, and options for any retirement plans.
- Conduct an Exit Interview
- Get Feedback: If it makes sense, conduct an exit interview to gather feedback and understand any issues that may have led to the termination.
- Notify the Team
- Inform Departments: Let the employee’s team and other relevant departments know about the termination. Make sure there’s a plan to cover the departing employee’s responsibilities.
- Security Updates: Inform security and facilities management to prevent unauthorized access and update security settings if needed.
- Document Everything
- Keep Records: Document all the steps taken during the termination process, including the reason, the details of the termination meeting, and the return of company property.
- Stay Compliant: Check that all your actions comply with employment laws and company policies to avoid potential legal issues.
- Follow Up
- Post-Termination Contact: Send a follow-up email to the terminated employee outlining any remaining steps, such as final paycheck delivery or returning any additional property.
- Offer Support: Provide information on support services, like career counseling or job placement assistance, if available.
How Does IT Handle Terminated Employees?
Your IT team plays an important role in managing the offboarding process for terminated employees. Here’s a step-by-step guide to how your IT team could handle terminated employees:
- Prepare
- Coordinate with HR: Once your IT team receives a notification from HR about the employee’s termination, including the effective date and any specific instructions, it’s time to review your offboarding plan and prepare to carry it out.
- Revoke Access
- Disable Accounts: Immediately disable the employee’s access to all company systems, including email, VPN, databases, and any other internal platforms.
- Change Passwords: Update or change shared passwords and access codes to prevent unauthorized access.
- Set Bounceback Message: Work with HR to create an appropriate “this employee is no longer with our company” email message that is aligned with your terminated employee email policy.
- Retrieve Company Assets
- Collect Hardware: Work with HR to collect all company-owned hardware.
- Assess and Secure Devices: Check the condition of returned hardware and make sure that all data is wiped securely from these devices.
- Manage Software Licenses
- Reassign or Deactivate Licenses: Reassign or deactivate any software licenses that were assigned to the terminated employee. This helps optimize license usage and reduce unnecessary costs.
- Backup and Transfer Data
- Backup Data: Backup all data from the employee’s devices and accounts.
- Transfer Data: Transfer relevant data to appropriate team members or managers to ensure continuity of ongoing projects and tasks.
- Check for Compliance
- Conduct an Audit: Perform an audit of the employee’s access and activities before termination to identify any unusual or unauthorized activities.
- Check Compliance: Make sure all actions taken are in compliance with company policies and relevant regulations. Document these actions for future reference and audits.
- Communicate
- Notify Teams: Inform relevant departments about the access revocation and any changes to shared resources or systems.
- Coordinate with Security: Work with your security team to update physical access controls if necessary.
- Document the Process
- Maintain Records: Keep detailed records of all steps taken during the termination process, including the revocation of access, collection of assets, and data transfers.
- Review and Improve: Regularly review and update offboarding procedures to address any issues and improve the process.
Lumos: Effective and Efficient Access Management
Offboarding is never a fun process, and it’s even more difficult when you have to terminate someone’s employment. But offboarding is just one piece of your employee lifecycle—a lifecycle that is full of opportunities for access mistakes like overprovisioning or forgetting to provide access in the first place! It’s time to put technology to work for you. It’s time for Lumos. With our unified access platform for IT and Security teams, you can easily manage all access to apps and data from onboarding to offboarding. You’ll have the tools you need to manage access rights, monitor user activity, optimize your software licenses, and even run easy audit reports! If you’re ready to enhance your offboarding process—and transform your entire access management approach, you’re ready for Lumos. See it in action today!