What happens when an employee is terminated? A large number of organizations handle employee offboarding, or “termination procedures,” through loose, manual processes like emails, phone calls and private conversations. Now consider these (real) scenarios:
- A computer technician at a large publishing company deliberately caused several of the publisher’s network servers to crash as retribution for his termination. All of the information on the servers was permanently erased and could not be restored.The publisher was forced to shut down its New York office for two days and lost in excess of $100,000.
- Just after he was fired in a former construction company office worker changed the company’s login and password without telling anyone. This gave the terminated employee complete control of the construction company’s website and email system.
- A contract worker at a large auto maker was fired and later that evening the worker logged in to their network, trashed their supplier website and stole proprietary trade secrets. In fact, the worker was logged in until about 6:30am the next day.
Obviously these are all worst case scenarios but all it takes is one poorly-managed offboarding procedure to cause serious disruption and financial loss to a business.
In fact, Sarbanes-Oxley states that “Terminated employees should have their access promptly removed. A process should exist to ensure that account administrators are notified in a timely manner of employee terminations.”
And yet, despite the mounting risks of not properly offboarding employees surveys indicate many organizations are leaving gaps in their processes.
- A survey by security firm Cyber-Ark that found “88 percent of information technology workers would take sensitive data with them or abscond with company passwords if they were fired”.
- In another survey: “More than 13% of respondents can still access a previous employers’ systems using their old credentials. A surprising percentage can still gain access into two, or even more, ex-employers’ systems.”
So far we’ve only spoken about the security risks of a manual offbaording process, but these kinds of security breaches are just the most obvious risks companies need to mitigate. There are many other parts of the offboarding process that should be part of an automated process to prevent lapses and ensure policy consistency.
- Ensure performance evaluations, disciplinary action forms, attendance sheets, etc. are in order.
- Avoid potential lawsuits by ensuring that the compliant procedures are followed and documented across all locations.
- Decomissioning of access cards.
- Identification and return of company property.
- Provide access to local, network and cloud-based files as well as email for the former employee’s supervisor.
- Ensure receipt of paperwork (non-disclosure, etc.)
- Conduct exit interview or surveys.
- Confirm that information about insurance continuation (COBRA), retirement fund withdrawals, and other benefit matters were discussed.
- Notification of stakeholders (IT, Finance, leadership, etc.)
- Retention of certain technological resources, data, and logs in the event that the former employee or company itself decides to pursue litigation.
- Ensuring that terminated employees no longer collect wages or benefits past their date of separation.
Managing the offboarding process in an automated way becomes even more critical in industries where the HR staff is often not onsite to oversee the offboarding process. For instance businesses with multiple office locations but a centrally-located HR team. Often the process is left completely to the terminating manager or office manager, who may not be as versed in the process or as sensitive to the risks of poor offboarding as if HR personnel were on hand.
Ultimately, the benefits of automated the offboarding process are numerous and, combined with a thoughtful, automated onboarding process, can ensure consistency, accuracy and compliance for the employee lifecycle.