User Termination Best Practices

Ensuring that each departing employee retains no access to your IT infrastructure is critical to protecting your systems and data — but there are more steps than you might think.

How to off-board an employee for good

  • Disable the departing employee’s account in Active Directory immediately; after 30 days, remove it.
  • Disable the user’s email login; forward e-mail to the user’s manager for as long as needed.
  • Terminate VPN and Remote Desktop access.
  • Terminate access to remote web tools (web apps, Office 365, e-mail, etc.).
  • Terminate access to voicemail. Forward phone and voicemail to the user’s manager, and delete them at the manager’s convenience.
  • Disable access to business applications such as SAP.
  • Change all shared account passwords that the departing user knows.
  • Move the user’s personal share data and e-mail archive to the manager’s account; delete them at the manager’s convenience.
  • Reset the “FAX/SCAN to e-mail” setting on multi-function printers.
  • Remove the user from email group lists, distribution lists, internal phone lists and websites.
  • Connect to the user’s workstation and shut it down.
  • Retrieve or disable all company-owned physical assets (computer, laptop, phones, tablet, etc.) assigned to the user, and update the IT inventory.
  • Copy all needed local data from employee’s computer to manager’s one.
  • Change any access codes the user knows, such as PINs for accessing secured rooms.
  • Remove any personal belongings from the user’s work area.
  • Inform company staff that the user is no longer employed there.
 


Join the discussion