No matter how the employee leaves, willfully or not, IT should treat all outgoing employee situations the same way. Within the standard operating procedure for dealing with leaving and left employees, the goal of infrastructure security should always remain constant. Any IT work done as a result of an outgoing employee has to be embedded with the idea that this employee is now cut off and should not be able to access firm data from the outside. Another important point is that another employee needs to pickup the slack. IT needs to make sure that the “slack-picker-upper” has access to whatever they need to get the job done with the lowest amount of downtime and disruption to client matters.
Scenario 1: Employee Leaves Willfully
If the employee is leaving willfully, a time is organized for an end date. This is generally when all employee property will be returned such as laptops & phones. This time is also coordinated with IT for a PC & account lock. This means network and email passwords will be changed, the ex users’ PC will be locked, and all access to firm data from the outside will be cut. Email will then be forwarded to an employee who will be handling the ex-employees workload. If the employee has a firm cell phone, a forward is setup as well. Again, the goal is to maintain all means of communication with the client during this change with absolutely no downtime in order to decrease any billable hour loss and work disruption.
Scenario 2: Employee is Terminated
This situation doesn’t always happen so smooth where an employee leaves willfully. In fact, most of the time we find ourselves in the opposite situation where the employee is let go. In these situations you have to let IT know as soon as you know that the decision has been made for termination. IT needs 10 minutes to prep not only the network but also the user’s PC. While IT can change the network password of the user, if the user is logged in, they may still have access to firm data. Often, we have to physically lock the PC or perform a remote lock once we get word of the termination. This is usually sudden and is done as the user is working. We then get a call from the user as to why they were locked out, and in this situation we usually explain that there is an issue with the network, and we are currently working on it. Within this plan the next step is usually when a partner asks to speak to the employee, and you can figure out the rest. While the employee is in the office, locked out of the network, IT should be locking down remote access and forwarding email as well as setting up email sharing with another user in case they need access to previous email as a reference.
Scenario 3: Employee Offers Notice / Employer Offers To Leave Immediately
Often when employees offer 2 weeks notice, our firms do not accept this and ask for the employee to leave the same day. 2 Weeks is a long time to start compiling email and copying firm documents for personal benefit, and our clients know this. Without a document management system there is no way to know if a user copied firm data to take with them. In addition to that, an outgoing user may even delete data as well. The best security law firms have in this situation is to offer the employee less time to do so by simply telling the employee that they do not need 2 weeks notice, and can leave right now or at the end of the day. We work with some very successful law firms that utilize this practice. While it is not planned with your IT company or “nice”, it does provide a degree of protection. Just make sure you call your IT company to lock the user down ASAP.
While this situation is not a positive one, your firm’s security and data integrity must always be first in your mind. IT and technology is there to aid you in these sometimes uncomfortable situations. Keeping IT in the loop when you have to make these hard decisions will offer your firm protection against retaliation & downtime. Utilize your IT company during these times, ask questions and know the outcomes of situations like these and how they will affect your firm before it happens based on IT feedback. With all that IT intel, you should be ready for anything.