Cyber Resilience – The Importance of Following Through with Employee Offboarding Processes

Created: Tuesday, August 20, 2024 - 15:03
Categories:
Cybersecurity, Security Preparedness

Effective employee offboarding is a critical yet often overlooked aspect of organizational security. As employees transition out of a company, whether voluntarily or involuntarily, it is essential to manage the offboarding process thoughtfully and strategically. A well-executed offboarding process not only leaves a positive impression on departing employees but also protects sensitive information and ensures the seamless transfer of responsibilities.

The Hacker News recently shared an article about automating employee offboarding. While automation tools would make the offboarding process more efficient, the steps discussed can be accomplished without automation and are widely applicable during offboarding. WaterISAC is sharing this post for the applicability of the discussed activities and the importance of offboarding overall. This is not an endorsement of any specific company, product, or service.

  1. Revoke access to Google Workspace or Microsoft 365. Verify the status of the employee’s Google or Microsoft account. Initially, the account will need to remain active while the rest of the offboarding is completed. However, it’s important to make sure the employee can no longer access the account by resetting passwords or disabling recovery methods.
  2. Transfer ownership of critical resources. Before you start deprovisioning the employee’s accounts, it’s important to identify and transfer ownership of critical resources such as root user accounts, corporate domains, social media accounts, and others.
  3. Review and update app-to-app integrations. OAuth grants are frequently used to enable app-to-app integrations and automation, so if a departing employee’s OAuth grants are revoked without proper evaluation, daily operations could be disrupted.
  4. Revoke SSO-managed accounts. Access to all accounts managed by your single sign-on (SSO) provider, like Azure AD or Okta, should be revoked.
  5. Revoke access to apps authenticated via OAuth.
  6. Revoke access to unmanaged accounts. Ongoing SaaS sprawl can create opportunities for unauthorized access to sensitive resources and data even after an employee has exited your organization.
  7. Clean up revoked accounts. After a user’s access has been revoked, it is essential to tidy up their accounts to prevent orphaned corporate data and avoid paying for unused licenses.
  8. Document and record offboarding activities.
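The ordering the eight steps impose (lock the identity first, transfer ownership before deprovisioning, review OAuth grants before revoking them, clean up last, record everything) can be made explicit and checkable. The following is an added Python example, not code from the WaterISAC post or the article it summarizes; the Inventory fields, the sample user and the app names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Inventory:
    user: str
    owned_resources: list   # step 2: root accounts, corporate domains, social accounts
    oauth_grants: dict      # steps 3/5: app -> True if other automations depend on the grant
    sso_apps: list          # step 4: accounts provisioned through the SSO provider
    unmanaged_apps: list    # step 6: SaaS accounts found outside SSO (sprawl)
    licenses: list          # step 7: paid seats to reclaim

def plan_offboarding(inv: Inventory, successor: str) -> list:
    """Return (step, action) tuples in the order the steps must be carried out."""
    plan = []
    # Step 1: lock the identity, but keep it active until the remaining steps finish.
    plan.append((1, f"reset password and disable recovery methods for {inv.user}"))
    # Step 2: ownership moves before any deprovisioning, otherwise resources are orphaned.
    for res in inv.owned_resources:
        plan.append((2, f"transfer {res} from {inv.user} to {successor}"))
    # Step 3: grants that integrations depend on are re-homed first, not blindly revoked.
    for app, in_use in inv.oauth_grants.items():
        if in_use:
            plan.append((3, f"re-home OAuth grant for {app} to a service identity"))
    # Steps 4-6: revoke in widening circles: SSO-managed, OAuth-authenticated, unmanaged.
    for app in inv.sso_apps:
        plan.append((4, f"deprovision {app} through the SSO provider"))
    for app in inv.oauth_grants:
        plan.append((5, f"revoke OAuth grant for {app}"))
    for app in inv.unmanaged_apps:
        plan.append((6, f"disable unmanaged account for {inv.user} in {app}"))
    # Step 7: clean-up runs only after every revocation; licenses are reclaimed here.
    for lic in inv.licenses:
        plan.append((7, f"reclaim license {lic}"))
    plan.append((7, f"archive mailbox and drive for {inv.user}, then delete the account"))
    # Step 8: the plan itself is the record; the count excludes this final entry.
    plan.append((8, f"record {len(plan)} offboarding actions for {inv.user}"))
    return plan

def audit_gaps(inv: Inventory, plan: list) -> list:
    """Return inventory items no action mentions; anything here is an offboarding gap."""
    text = " ".join(action for _, action in plan)
    items = inv.owned_resources + list(inv.oauth_grants) + inv.sso_apps + inv.unmanaged_apps + inv.licenses
    return [item for item in items if item not in text]

# Constructed sample inventory: one departing user, hypothetical app names.
SAMPLE = Inventory(user="jdoe@example.org", owned_resources=["registrar account for example.org"],
                   oauth_grants={"scheduler-integration": True, "chat-app": False},
                   sso_apps=["crm", "ticketing"], unmanaged_apps=["design-tool"], licenses=["Microsoft 365 seat"])
```

Running `audit_gaps(SAMPLE, plan_offboarding(SAMPLE, "successor@example.org"))` returns an empty list; a non-empty result names an account, grant or license the plan would leave behind.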

For more details on employee offboarding actions, visit The Hacker News.