An employee’s departure represents a significant threat to an organization’s information security if sufficient procedures are not in place (and actually followed) in connection with the departure. Here are some important steps to take to keep departing employees (whether resigning or terminated) from undermining your security, whether unwittingly or intentionally.

Make sure the HR department notifies IT of an employee’s resignation or termination and last date of employment, so the departing employee’s login credentials and access rights to company computers, email, and other information systems are deactivated prior to or at the time of departure.

Have and use an exit interview process to identify and retrieve from a departing employee all company equipment, files, and information (which may be proprietary company information or personal information about other employees or customers). If there is advance notice of the employee’s resignation or termination, advance planning may be appropriate to assess any anticipated logistical difficulties, such as timely retrieval of equipment or files the employee used at home.