You have yet to nail down your password management processes and now you have a potentially passive-aggressive ex-employee. What happens now?
If you were panic-Googling and came across this article—you’re in the right place. We’re going to jump right in and talk about the steps you should take when you need to remove a former employee’s access to company accounts, devices and resources. However, the most important element of reactive password management is to make sure that you don’t have to deal with this problem again. So, once you’re able to sort out the issue at hand, it’s time to put some proactive password management processes in place.
Reactive password management
First, find comfort in knowing that you are not the first company that has been in this situation, nor will you be the last. This is especially true for startups or medium-sized businesses that typically do not have the resources to bring on an entire IT team, or even one IT professional. If you do have an IT person on your team, get them in the room.
Take inventory: Start by taking inventory of every company account, resource or device this person may have had access to. Think about their role at the company; were they a member of your social media team, logged into your company Twitter account on their own device? Were they your office manager with access to the personal accounts of others? Once you come up with a comprehensive list of accounts and resources, ask other employees (especially those who worked closely with the dreaded ex) to review the list and add anything else that comes to mind.
Prioritize: Now that you have a completed list, prioritize the items on that list in order of most sensitive information. If you work at an agency or have access to any client login credentials, revoke access to/change the password of the database where this information is stored immediately. Doing so will hopefully save your company from a lot of embarrassment. Also, revoke access to their company email address—this will kill a lot of birds with one stone (especially if your company uses G Suite).
Enlist the help of your team: This isn’t always an option—maybe you don’t want the rest of your team to know that you’re in a full-blown panic. However, if you can/want to rely on your team for help, multiple minds and extra sets of hands are better than one. When you enlist the help of your team, not only can you cover a lot more ground, but they may think of things that you wouldn’t have like, “hey, where’s their company-issued laptop?”
Implement a password change: A second-to-last step (the last being to implement some password management processes moving forward), request that your entire office or company (if possible) does a password reset. It’s hard to say who has been sharing passwords with who and after an employee has been terminated, no matter the circumstances, people will be hesitant to disclose information like that. Requesting an office-wide password reset is a relatively simple solution to what could potentially be a bigger problem.
Proactive password management
Planning out password management processes before a problem even arises will save your company, your team and even potential ex-employees from a lot of stress and embarrassment.
Look into IT alternatives: We get it, hiring an IT team or even just one IT manager isn’t an option for many companies. However, IT support is critical when it comes to internal and external company security and efficiency in general. So, whether it be a local IT consultant, overpriced technology designed for massive enterprises, or a real-time IT solution that actually suits the needs of your business—you have options when it comes to IT and it’s time you start to seriously consider them.
Put BYOD policies in place: If your company is in a position to provide your employees with a company-issued laptop, smartphone or any other device—it’s definitely worth considering. Not only will your employees thank you for not having to use their own devices, but in the case of terminating an employee, requesting that company-issued devices be returned is a first line of defense when it comes to password protection.
Research password management tools: Password management tools like LastPass or saved passwords in Google Chrome are designed to make your life easier—no need to remember your locker combination from eighth grade every time you log into Facebook because it’s already auto-populated for you. Enterprise password managers function in a similar way, and they give business owners and IT managers a higher level of control in case of emergency. Tools like Dashlane for Business, Keeper Security Enterprise and LastPass Enterprise give companies the ability to secure their business with a suite of features that can be tailored to fit the needs of their team.
Off-boarding an employee is never easy—but it can be, at least from an IT standpoint. Electric AI is an IT solution that actually makes sense for your business. From day-to-day troubleshooting to system administration, Electric AI is a chat-based, real-time IT support system that will respond to your request in 10 minutes or less—you can literally Slack us while you’re terminating an employee, although that seems a little insensitive.