When someone with a high-security clearance leaves an organization, it is important to take the necessary steps to ensure you can preserve the security of your data and employees. While the majority of high-security clearance professionals are trustworthy and unlikely to put your data at risk, you can’t afford to leave cybersecurity to chance.
High-security clearance gives individuals access to confidential information and resources, so it is essential to heighten your security strategy when they quit.
Change the locks
This seems like a no-brainer, but you’d be surprised how many companies fail to reach out to a commercial locksmith after the event. If any employee who had access to the lock code or the key leaves the company, your top priority is always to protect access to the building. This means you have to take essential steps for your protection.
Getting all the locks replaced or their codes is your first line of action. If you use keys, distribute the new keys among the employees who have security clearance.
But if your organization has a gated car park, you can share details with the security team at the gate so they can take the former employee’s car out their list.
Change passwords for all shared tools
This may seem inconvenient and like a lot of work, but if your team has shared tools, such as a marketing cloud solution or a BI tool, with a unique password, you will need to change the password.
For tools with individual sign-ups, you want to consider a two-factor authentication process whenever possible. This will mean that, in the event that the password was accidentally shared, the person using the password will also need to verify their identity. When accounts are linked to business phone numbers, the access remains protected.
Inform their contacts
The best way to protect your business reputation is by keeping your customers and partners in the loop. When an employee with a high-security clearance leaves, you can seize the opportunity to publish an article about their stay in the business and the impact they have had. This is also a nice way to wish them good luck in their next endeavors. But, more to the point, it also ensures your audience is aware of the situation and will not share confidential information with the former employee.
If their successor is joining soon, you can also add a brief bio about them.
Deactivate their email address
Depending on data retention laws, you may need to keep the email for a number of years. Additionally, you may still require access to the employee’s former communication for specific projects or legal cases. But you can take preventive steps to ensure nobody gains access to their mailbox. So, you want to reset the password while you are keeping the email address.
If you maintain the mailbox active, you can choose to forward their email to the most relevant person, which will reduce administrative checks.
Alternatively, you can archive the content of the mailbox and delete the mailbox safely.
The priority for businesses is to realize that sharing confidential information and access with employees requires high maintenance when these employees quit. While this doesn’t mean that former employees are not trustworthy, in the event of a break-in or a data theft, you may be found liable if you haven’t taken these preventive measures.