How to Handle Computer Access and Use of Exiting Employees (Part Three)

Having policies in place to address computer access and use by employees who either are in line to be terminated or who have already been terminated is very important. Disgruntled employees who know they are about to be terminated may delete important, valuable company data and information. They could also download and take important and valuable information with them. This security threat is even greater if the employee still has access to a company’s network and data after they are gone.

Even an employee who leaves on good terms yet still has access to a company’s network is a security threat. Their access is a vulnerable source of entry onto the network.  There may also be a need to preserve specific information and data that might be relevant if the employee’s separation may be the subject of litigation.

Accordingly, it is important to have the following policies and procedures in place.

Notification and Data Security Procedures

There should be specific procedures regarding who is to be informed when an employee is to be or has been terminated. This should include the IT staff or outside IT vendor. In addition, it should be clear what steps need to be taken and by whom. This can help preserve and secure the company’s network and data. This should, at a minimum, include:

  • Restricting the employee’s access to the network,
  • Preserving data and information maintained on the employee’s computer (including emails), and
  • Making sure all other devices used by the employee (laptop, tablet, phone) are retrieved from the employee.

Communication with IT Staff

Don’t wait until the day or day after the terminated employee leaves the company to inform your internal or external IT staff. Early communication and involvement with the IT staff or outside IT vendor regarding an employee’s separation is vital. Your IT staff or IT service provider may need coordinate such efforts. If you give IT a heads up in advance of a termination, they can restrict access or terminate completely if necessary prior to the employee knowing of the termination. ​

Protect Your Company and Customer Data

In cases where an employee is terminated under circumstances where the company may fear the employee may seek to harm the company’s business interests or may pursue litigation relating to the termination, the policy should include steps to ensure access from all devices is terminated as soon as possible, that information is preserved on all devices used by the employee, that remote access is terminated, that the employee’s email and online activity is preserved, and that all of these efforts are documented.

Conclusion: Acceptable Use, Social Media, and Employee Termination Policies

Over the past few months, Eric Gunderson from Farrell & Gunderson, LLC has stressed the importance of acceptable use policies for computers, the internet, email, and social media. It is important to cover all of your bases, from a legal perspective and an IT perspective. If you have any questions or would like any advice, feel free to reach out to us for more information.

About Eric Gunderson

Eric W. Gunderson is an attorney and partner at Farrell & Gunderson, LLC.  Mr. Gunderson focuses his practice on working with businesses and their corporate leaders to provide counsel and representation in matters involving employment law, employee relations, business disputes, and other business and civil litigation matters in Howard County as well as throughout Maryland and the District of Columbia.