Skip to Content
Cyber and Privacy Risk and Insurance

Cyber-Security Considerations for Employee Departures

Mark Lanterman | April 7, 2023

On This Page

For any organization, managing who has access to data and assets can be trickier than one might expect. Access controls, simply put, determine who has access to what. Pretty simple, right? But organizations of any size can struggle to, or forget to, manage access creep—also known as privilege creep. It occurs when individuals have unrequired access rights.

This can happen if an employee changes positions within an organization and new access rights are piled on to old access rights. But there are many instances in which an employee, contractor, or individual could have access beyond what is appropriate. Such a scenario is when an employee leaves an organization and retains some or all of their access controls for longer than is necessary.

An employee departure, especially under bad circumstances, can be challenging to navigate. Amid the Great Resignation, concerns over data exfiltration and intellectual property abound. 1 While each situation is unique, following appropriate procedures can help make the departure process go as smoothly as possible. However, making sure that cyber-security requirements are fulfilled can often get lost in the shuffle. Adhering to best practices and managing access controls can minimize the risks posed by the insider threat.

Protect Against Insider Threat

Just as organizations need to defend themselves against cyber attacks originating from the outside, steps need to be taken to counteract the risk of the "insider threat." The insider threat can materialize in many ways—as a disgruntled former employee absconding with confidential company information, an accidental click of a phishing link, or a third-party vendor accessing certain data without authorization. Whether malicious or unintentional, it can be difficult to fully account for the insider threat. When an issue presents itself, organizations are often caught off guard. Sometimes, these problems are only discovered long after the fact, which occurs frequently in cases involving former employees.

Former employees may retain access to email accounts, the cloud, tools, assets, and even property for long after their termination dates. Access creep is typically an oversight on the part of the organization, and it can pose a serious problem when an overlap is identified. A simple cyber-security and technology checklist is helpful to have on hand to help mitigate the risks. Key steps may include the following.

  1. Make sure that the employee no longer has access to their email account. Forward all incoming emails to another address, and preserve or backup any accounts or devices. Delete employee accounts.
  2. Review (and audit) access controls to ensure that the former employee can no longer remotely access any other accounts or assets, including cloud accounts or social media sites.
  3. Collect all company-owned property and devices (including key cards), and update all relevant property logs.
  4. Change all passwords, and disable multifactor authentication.
  5. Have the employee confirm and provide signed documentation to upper management and the IT department that all relevant steps have been followed and all property has been returned.

Additional investigative measures may be required; depending on the circumstances, other departments or third parties may need to be involved to determine if unauthorized access or data exfiltration has occurred. Having a strong incident response is critical in the event of a breach, either malicious or unintentional. Exceptions should not be made to the checklist your organization follows, as consistency and timeliness in its application can help to prevent damages stemming from the insider threat.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.


1 David Balaban, "Insider Risk Facts You Can't Afford To Ignore," Forbes, February 7, 2023.