by Blog | Nov 10, 2022 | Cybersecurity, IT Management
Digital footprints cover today’s modern workplace. Employees begin making these the moment they’re hired. They get a company email address and application logins. They may even update their LinkedIn page to connect to your company.
When an employee leaves a company, there is a process that needs to happen. This is the process of “decoupling” the employee from the company’s technology assets. This digital offboarding is vital to cybersecurity.
You don’t want a former employee to maliciously email all your customers from their work email. Sensitive files left on a former staffer’s computer could leak months later.
20% of surveyed businesses have experienced a data breach connected to a former employee.
Digital offboarding entails revoking privileges to company data, and much more. This is a critical process to go through for each former staff member to reduce risk.
Below, we’ve provided a handy checklist to help you cover all your bases.
Your Digital Offboarding Checklist
Knowledge Transfer
Vast corporate knowledge can disappear when a person leaves an organization. It’s important to capture this during a digital offboarding process.
This could be something as simple as what social media app someone used for company posts. Or it may be productivity leveraging. Such as the best way to enter the sales data into the CRM.
Make sure to do a knowledge download with an employee during the exit interview. Better yet, have all staff regularly document procedures and workflows. This makes the knowledge available if the employee is ever not there to perform those tasks.
Address Social Media Connections to the Company
Address any social media connections to the former employee. Is their personal Facebook user account an admin for your company’s Facebook page? Do they post on your corporate LinkedIn page?
Identify All Apps & Logins the Person Has Been Using for Work
Hopefully, your HR or IT department will have a list of all the apps and website logins that an employee has. But you can’t assume this. Employees often use unauthorized cloud apps to do their work. This is usually done without realizing the security consequences.
Make sure you know of any apps that the employee may have used for business activities. You will need to address these. Either change the login if you plan to continue using them. Or you may want to close them altogether after exporting company data.
Change Email Password
Changing the employee’s email password should be one of the first things you do. This keeps a former employee from getting company information. It also keeps them from emailing as a representative of the company.
Accounts are typically not closed immediately because emails need to be stored. But you should change the password to ensure the employee no longer has access.
Change Employee Passwords for Cloud Business Apps
Change all other app passwords. Remember that people often access business apps on personal devices. So, just because they can’t access their work computer any longer, doesn’t mean they can’t access their old accounts.
Changing the passwords locks them out no matter what device they are using. You can simplify the process with a single sign-on solution.
Recover Any Company Devices
Make sure to recover any company-owned devices from the employee’s home. Remote employees are often issued equipment to use.
You should do this as soon as possible to avoid loss of the equipment. Once people no longer work for a company, they may sell, give away, or trash devices.
Recover Data on Employee Personal Devices
Many companies use a bring your own device (BYOD) policy. It saves them money, but this can make offboarding more difficult.
You need to ensure you’ve captured all company data on those devices. If you don’t already have a backup policy in place for this, now is a good time to create one.
Transfer Data Ownership & Close Employee Accounts
Don’t keep old employee cloud accounts open indefinitely. Choose a user account to transfer their data to and then close the account. Leaving unused employee accounts open is an invitation to a hacker. With no one monitoring the account, breaches can happen. A criminal could gain access and steal data for months unnoticed.
Revoke Access by Employee’s Devices to Your Apps and Network
Using an endpoint device management system, you can easily revoke device access. Remove the former employee’s device from any approved device list in your system.
Change Any Building Digital Passcodes
Don’t forget about physical access to your building. If you have any digital gate or door passcodes, be sure to change these so the person can no longer gain access.
Need Help Reducing Offboarding Security Risk?
When you proactively address digital offboarding, the process is easier and less risky. Contact us today for a free consultation to enhance your cybersecurity.
—
Featured Image Credit
This Article has been Republished with Permission from The Technology Press.
by Blog | Sep 10, 2022 | IT Management
Many small businesses make the mistake of skipping policies. They feel that things don’t need to be so formal. They’ll just tell staff what’s expected when it comes up and think that’s good enough.
But this way of thinking can cause issues for small and mid-sized business owners. Employees aren’t mind readers. Things that you think are obvious, might not be to them.
Not having policies can also leave you in poor legal standing should a problem occur. Such as a lawsuit due to misuse of a company device or email account.
Did you know that 77% of employees access their social media accounts while at work? Further, 19% of them average 1 full working hour a day spent on social media. In some cases, employees are ignoring a company policy. But in others, there is no specific policy for them to follow.
IT policies are an important part of your IT security and technology management. So, no matter what size your business is, you should have them. We’ll get you started with some of the most important IT policies your company should have in place.
Do You Have These IT Policies? (If Not, You Should)
Password Security Policy
About 77% of all cloud data breaches originate from compromised passwords. Compromised credentials are also now the number one cause of data breaches globally.
A password security policy will lay out for your team how to handle their login passwords. It should include things like:
- How long passwords should be
- How to construct passwords (e.g., using at least one number and symbol)
- Where and how to store passwords
- The use of multi-factor authentication (if it’s required)
- How often to change passwords
Acceptable Use Policy (AUP)
The Acceptable Use Policy is an overarching policy. It includes how to properly use technology and data in your organization. This policy will govern things like device security. For example, you may need employees to keep devices updated. If this is the case, You should include that in this policy.
Another thing to include in your AUP would be where it is acceptable to use company devices. You may also restrict remote employees from sharing work devices with family members.
Data is another area of the AUP. It should dictate how to store and handle data. The policy might require an encrypted environment for security.
Cloud & App Use Policy
The use of unauthorized cloud applications by employees has become a big problem. It’s estimated that the use of this “shadow IT” ranges from 30% to 60% of a company’s cloud use.
Often, employees use cloud apps on their own because they don’t know any better. They don’t realize that using unapproved cloud tools for company data is a major security risk.
A cloud and app use policy will tell employees what cloud and mobile apps are okay to use for business data. It should restrict the use of unapproved applications. It should also provide a way to suggest apps that would enhance productivity.
Bring Your Own Device (BYOD) Policy
Approximately 83% of companies use a BYOD approach for employee mobile use. Allowing employees to use their own smartphones for work saves companies money. It can also be more convenient for employees because they don’t need to carry around a second device.
But if you don’t have a policy that dictates the use of BYOD, there can be security and other issues. Employee devices may be vulnerable to attack if the operating system isn’t updated. There can also be confusion about compensation for the use of personal devices at work.
The BYOD policy clarifies the use of employee devices for business. Including the required security of those devices. It may also note the required installation of an endpoint management app. It should also cover compensation for business use of personal devices.
Wi-Fi Use Policy
Public Wi-Fi is an issue when it comes to cybersecurity. 61% of surveyed companies say employees connect to public Wi-Fi from company-owned devices.
Many employees won’t think twice about logging in to a company app or email account. Even when on a public internet connection. This could expose those credentials and lead to a breach of your company network.
Your Wi-Fi use policy will explain how employees are to ensure they have safe connections. It may dictate the use of a company VPN. Your policy may also restrict the activities employees can do when on public Wi-Fi. Such as not entering passwords or payment card details into a form.
Social Media Use Policy
With social media use at work so common, it’s important to address it. Otherwise, endless scrolling and posting could steal hours of productivity every week.
Include details in your social media policy, such as:
- Restricting when employees can access personal social media
- Restricting what employees can post about the company
- Noting “safe selfie zones” or facility areas that are not okay for public images
Get Help Improving Your IT Policy Documentation & Security
We can help your organization address IT policy deficiencies and security issues. Reach out today to schedule a consultation to get started.
—
Featured Image Credit
This Article has been Republished with Permission from The Technology Press.
by Blog | Sep 5, 2022 | IT Management
One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave computers and networks vulnerable to attacks.
While older technology may still run fine on your systems that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach.
Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach.
Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.
Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust.
Important reasons to keep your technology updated to a supported version are:
- Reduce the risk of a data breach or malware infection
- Meet data privacy compliance requirements
- To keep a good reputation and foster customer trust
- To be competitive in your market
- To mitigate hardware and software compatibility issues
- To enable employee productivity
Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration.
49% of surveyed workers say they would consider leaving their jobs due to poor technology.
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business?
Get Rid of This Tech Now If You’re Still Using It
Internet Explorer
Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge.
Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022.
Adobe Flash
Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.
The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.
Windows 7 and Earlier
Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11 are now in widespread use. The Windows 7 OS lost support on January 14, 2020.
While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.
macOS 10.14 Mojave and Earlier
Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.
If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade.
Oracle 18c Database
If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.
The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024.
Microsoft SQL Server 2014
Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop.
This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.
Get Help Upgrading Your Technology & Reducing Risk
Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a technology review today.
—
Featured Image Credit
This Article has been Republished with Permission from The Technology Press.
