A survey, conducted by Intermedia, found that 89% of ex-employees retained access to corporate apps containing sensitive information, including G Suite after they leave the company. What is even more disturbing, 49% of them admitted to logging into a corporate account after their employment contract ended.
The consequences of such data security violations can be (and usually are) disastrous: data leaks, breaches, deletions. Moreover, sometimes companies stay unaware of this for long periods of time, which at best case scenario results in losing a bunch of money, and at worst can leave your company with lawsuits and a stained reputation.
As an administrator, you must be head-on to threats associated with employee leave so you can prevent them. But not only that: it’s on you to take care of where the data of a leaving employee will be transferred, so the new worker could have information he needs to get to work without losing company time.
This article will guide you step-by-step to the secure employee exit and provide you with some prompts on this way!
With SpinOne user management in Google Workspace can be easier. Learn how.Request a demo
Table of Contents
Step 1. Disable access to G Suite user account
If the employee leaves suddenly, the first course of action you should take is disabling access to his or her G Suite account. It will prevent the user from sharing files outside the company or sending emails from a company G Suite domain but will preserve the data for archiving or transferring to another account later.
You can suspend a user in google apps as an administrator, but it would be better to log in as a user with his credentials to have full access to the user’s data in all Apps. It is particularly important if the employee has access to company apps such as Google Analytics and Adwords or social media accounts such as Facebook and Twitter.
When you are logged in, here are the steps you should take:
- Log in as admin or use employee’s credentials.
- Change the password and reset cookies to ensure they can no longer access the account. And don’t forget to reset login cookies so the logged-in user can’t enter the account automatically. For that, go to Security section, press Reset sign-in cookies.
- Clear all applications specific passwords user created and disable access to user’s Google Account for authorized services (if he provided it).
Go to the settings, scroll down, press Show more and go to Security section. Here you can do all of that, so just go in order. First, press Turn off 2-step verification.
Then come down to Applications specific passwords, where you’ll see the list of applications you can reset passwords for. Just press Reset near each one of them. Just below you’ll see Authorized access, press Revoke.
- Delete access to the account and company applications from all connected devices including mobile phones. To do that, go to the end of the page and near the Mobile management section, you’ll see all the devices connected to this account. Click Wipe this device or Wipe this account.
- Remove any recovery phone or email addresses associated with the account. Choose Your personal info from the home screen, then remove any personal, external email addresses and phone numbers associated with the account.
Step 2. Backup employee’s data
There are two ways to backup important company’s data:
- Automatically with the help of third-party services like Spinbackup
Your company data can’t be secure if you just save them occasionally. Backing up all the company data automatically and regularly on trusted cloud storages is the only option if you want your files to be safe. Moreover, you need to take care of this data to be easily restorable and protected from cybercriminals.
Spinbackup doesn’t only backup your critical G Suite data. It also protects your account from data leaks.
To save your G Suite/Google Apps data with Spinbackup follow this simple guide.
- Manually with Google Takeout
Manual backup is not the best choice for companies because of a quite large amount of data to deal with. If you need to set up email archiving for G Suite or want to know other manual methods to backup your G Suite data, visit this article. But in case you need to make just a one-time copy of your Google account data, use Google Takeout.
- Log in to the former employee’s Google account and click on Download your data. There you will see all apps that contain your data. All of them are selected by default, so to choose only particular files press Deselect all, and then put a tick beside the field you need.
- To download some parts of your data just leave all the data selected and uncheck the box near the files you don’t want to save. Then press Next step.
- Customize your archive by choosing the delivery method, type of export, type, and size of the file.
It can take some time, depending on the number of files.
Step 3. Transfer G Suite Data to Another Account
There are two ways to transfer data between G Suite accounts:
- Simple, if you are using Spinbackup.
First, it’s easier because you don’t need to save data additionally before or after you transfer them – they are automatically backed up. Second, it just takes fewer steps.
By default, only the route G Suite administrator can migrate data between accounts. However, you can nominate an additional administrator and give him/her permission to migrate data. You can revoke this permission in the future if needed.
To do so, follow the instructions on how to migrate data between accounts with Spinbackup here!
2.Tricky, if you are using G suite migration service.
If you can transfer all data using only G Suite service, we recommend you to follow these steps to perform G Suite data migration to another Google account.
After you successfully backed up and transferred all the important data, you can delete the original user account without fear of losing vital information.
Step 4. Forward Emails
Most likely, the leaving employee had some important unfinished correspondences, or their email is the only way for some customers/companies to reach your company. In this case, you may need to forward suspended emails. All you have to do is:
- Create the same email address (if you have already terminated an employee’s Gmail) and put someone responsible to go through it.
- Set an auto-responder to inform the sender that the employee is no longer working at the company and offer a new point of contact.
Step 5. Collect Company Devices and Wipe Clean
Of course, before leaving the employee must return any laptops or mobile devices that they used for work. In most cases, these devices are recycled for new employees. To prevent inadvertently giving a new employee access to sensitive information, don’t forget to back up, transfer, and wipe clean all data on the devices.
Step 6. Add an account as an alias
If the former employee used their email as a login to some sites or services you may need in the future, this is the right move to make.
To add their email as a nickname, you need to:
- Log in to your G Suite admin panel.
- Press Users and choose a user.
- Press Accounts, and then press Add a nickname under Alias.
- Insert the email of the former employee.
Step 7. Review Risky Third-Party Apps Installed by the User
Another important measure to take is to control risky third-party apps that the employee has granted access to from their corporate Google account. Why? Because these apps could have been used to copy company files and may retain access to corporate data.
There is currently no easy way to monitor third-party apps in G Suite. But Spinbackup Cybersecurity suite allows you, the administrator, to see all apps installed by the users, all the permissions that have been granted, and the risk rate of these apps.
You can easily assess and mitigate risks related to cloud apps with SpinOne!Learn how!
From the Spinbackup admin console, you can easily block risky apps as a security measure after the employee leaves the company. Also, you can flag and block activity such as unauthorized downloading of files. This feature can provide enhanced surveillance of user actions if an employee has given the notice to leave but still has to work at the company.
Step 8. Conduct an Exit Interview
Conducting an exit interview is a common part of HR procedure when an employee leaves a company, but data security is not always included in this conversation.
A thorough exit interview should include questioning the employee on their data practices while they were at work, such as if they downloaded corporate files to personal cloud storage. The previously mentioned survey found that 68% of ex-employees had downloaded work files to their personal cloud storage.
It’s also essential to remind the ex-employee that company information is confidential and should not be shared with anyone outside the organization.
The exit interview is also the last chance to ask the user for their login credentials for cloud apps. This is necessary to gain access to data stored within the apps – even a G Suite super admin does not have full access to all data and apps within another user account.
Finally, it’s important to ensure that employee contact information is up to date so that he or she can be contacted in the event when access is needed to any forgotten corporate accounts in the future.
Your next steps as an administrator after reading this article:
1. If you don’t have a rule that HR notifies you every time an employee is about to leave, set up this rule. From now on, when someone is about to leave their job, you should be notified immediately. No one should underestimate this moment since all company data security depends on it.
2. Ask your HR or responsible manager about how much time the employee needs to finish the tasks that require access to their G Suite account. Before you cut access to G Suite for the employee, you better use Spinbackup tools to track all data movements within the company to prevent any leaks of sensitive or important company data.
3. If an exit interview is still not mandatory in your company, you should speak with your Human Resources Department about setting up this rule.