In today’s fast-paced modern business world, it’s unrealistic to expect your employees to stick around forever. The days of people working for one company for their whole career are over and the average time an employee stays with one company is now just a little over four years.
It’s inevitable that staff will leave your G Suite domain and organization but it’s also important to put time and thought into planning an exit strategy that can be implemented when an employee leaves, in order to protect enterprise data.
This is particularly important if there is an increased risk of data being leaked or stolen or malicious behavior from the employee, for example if they have been fired or if they are moving to one of your competitors.
A survey conducted by cloud provider, Intermedia, found that 89% of ex-employees retained access to corporate apps containing sensitive information, including G Suite, after leaving the company. Even more worrying, 49% admitted to logging into a corporate account after their employment contract ended.
G Suite Security Checklist
Using the G Suite Security checklist below covering every step of the process and G Suite deployment techniques is the best way to make sure the employee exit is dealt with quickly and securely.
Disable G Suite User Account and Email
If the employee leaves suddenly or under difficult circumstances (such as being fired), disabling access to his or her G Suite account should be the first course of action and the account should be suspended as soon as possible. Suspending the account will prevent the user from sharing files outside the company or sending email from a company G Suite domain, but will preserve the data for archiving or transferring to another account later.
Ideally this situation should be avoided as suspended Gmail accounts cannot receive email. You will also need to obtain the original login credentials of the account to gain access to the data.
Ask for Login Credentials and Change Passwords
In order for data to be retrieved from employee accounts, it may be necessary to login as the user in order to download or transfer the files. G Suite administrators do not have full access to user data in all Apps.
It is particularly important to get the username and password for employees who have access to company apps such as Google Analytics and Adwords in Google or social media accounts such as Facebook and Twitter.
After successfully logging in as the original user, change the password to ensure they can no longer access the account. Two-step verification must also be disabled and login cookies should be reset to end any logged-in sessions that the user may still be able to access.
While it may seem wasteful to keep an unused Google account open when the licence could be used for a new employee, it makes sense to allow for a transition period of a few months when emails can be forwarded to the line manager and an auto-responder can be set up to inform the email sender that the employee is no longer with the company and offer a new point of contact.
Once the original user account has been permanently deleted, you can setup a group with the same email address as the original user and add appropriate recipients to the group. This will ensure that no future emails are missed.
Transfer G Suite Data to Another Account
Migrating G Suite data to another account allows the original account to be closed while still retaining access to potentially important company data. Once G Suite backup, Gmail backup, Calendar backup, Google Drive backup , and Google Team Drives backup has been completed and the data successfully transferred, the original user account can be deleted without fear of losing vital files or information.
Collect Company Devices and Wipe Clean
Any laptops or mobile devices that the employee used for work should naturally be returned to the company before leaving. If these devices are to be recycled for new employees, the data should be backed up or transferred to storage and wiped clean to prevent inadvertently giving a new employee access to sensitive information, or causing a privacy breach.
Company files should also be deleted from personal devices, although this can be significantly more difficult to action. G Suite Administrators can remotely access and manage corporate applications and data on Android devices, if they are within a separate work profile.
Conduct an Exit Interview
Conducting an exit interview is a common part of HR procedure when an employee leaves a company, but data security is not always included in this conversation.
A thorough exit interview should include questioning the employee on their data practices while they were at work, such as if they downloaded corporate files to personal cloud storage. The previously mentioned survey found that 68% of ex-employees had downloaded work files to their personal cloud storage.
It’s also essential to remind the ex-employee that company information is confidential and should not be shared with anyone outside the organization.
The exit interview is also the last chance to ask the user for their login credentials for cloud apps. This is necessary to gain access to data stored within the apps – even a G Suite super admin does not have full access to all data and apps within another user account.
Finally, it’s important to ensure that employee contact information is up to date so that he or she can be contacted in the event that access is needed to any forgotten corporate accounts in the future.
Review Risky Third-Party Apps Installed by the User
Take control of the risky third-party apps that the employee has granted access to their corporate Google account as they could have been used to copy company files and may retain access to user data.
While there is currently no easy way to monitor third-party apps in G Suite, a service such as the Spinbackup Cybersecurity suite can allow administrators to see all apps installed by users and the permissions that have been granted.
These apps can be blocked as a security measure after the employee leaves the company and activity such as unauthorized downloading of files can be flagged and blocked. If an employee has given notice to leave but is still working at the company, this feature can be invaluable to provide enhanced surveillance of user actions in the weeks before they leave.
Check out Spinbackup’s Ultimate G Suite Security Guide!
10,152 total views, 4 views today