Technology Support For San Diego Since 1996

A well-functioning IT department helps you get work done and keeps your data safe. One of the overlooked aspects of IT is how it is involved in personnel matters like onboarding and offboarding. We know that IT supports your HR team by keeping their data safe and helping them stay ahead of phishing attacks, but in today’s post, we’ll show you five ways that your IT team can strengthen your onboarding and offboarding processes.

1. Involve your IT team in onboarding early

Too often, the first time the IT team hears of a new hire is when they show up for their first day of work. The process of adding a new user to, say, a Microsoft 365 account may be straightforward enough, but if the user also needs VPN access, key cards, etc., it can be very time-consuming for your IT staff. Instead of submitting an urgent ticket the day of, let your HR department know that submitting new hires to the IT team in advance helps IT keep its priorities and timetables straight. It also makes sure that the new hire’s accounts are ready on day one, so they can get to work and quickly get familiar with any systems or services that are new to them.

2. Promptly notify IT of any terminations

It is crucial to your company’s data safety to keep IT up to date on any terminations that are taking place or will take place. As with onboarding, it is a courteous and efficient thing to do for your IT department. If being terminated causes an employee to become disgruntled, though, all the data they have access to is at risk of intentional deletion, theft, or exfiltration. Coordinating a firing with your IT team (much as you might with an on-premises security team) makes it possible to shut off accounts at the same time the employee is let go, making it far less likely that they can do anything harmful on the way out.

3. Change passwords for privileged accounts

When someone leaves a team, it’s a good idea to cycle passwords that they may have had access to. The user may be moving on, but if they could still have a stored copy of any of your passwords, then those passwords should be considered compromised. It can sometimes be tricky to figure out what access certain users have to shared accounts on a team; this is more of a concern for administrative passwords (privileged user accounts like root, admin, or superuser). If your organization’s passwords are well managed, then it shouldn’t be a problem to update them when necessary.

4. Eliminate waste on per-user subscriptions

When employees leave your organization, it’s very important to notify your IT team in case you have any subscriptions that charge per user. For instance, Microsoft 365 plans usually charge per user per month, so there’s no need to keep paying for someone who has left. Periodically making sure that your subscriptions match your actual user count could directly impact your company’s bottom line.

5. Tighten up access to your network by deleting old accounts

Old user accounts are dangerous to your company’s network security. We focused on disgruntled employees in point number three, but every old account that still grants access to your network or cloud services increases the attack surface of your company. The threat isn’t just a former employee logging back in. An attacker who targets them after they’ve left can steal information from them that can still be used to log in to your network or cloud.

There are reactive security measures you can take that would, for example, detect that someone is trying to exfiltrate a terabyte of data from your network, but the proactive solution is to make sure that your HR and IT teams work together to eliminate accounts as employees leave the company. It should probably be a part of your IT department’s plan for implementing a zero-trust model on your network, that is, segmenting all of the data on your network so users only ever have access to the data that they need. Someone who no longer works for you doesn’t need access to any of your data.

-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team