Whether you work for the HR department or IT department, you know that the offboarding process is a tricky thing. From the HRs point of view, it’s essential to make sure the employees’ exit conducted ethically and legally; from the point of view of your IT security, the departure mustn’t hurt your company data and networks.
That is why these teams must work together to ensure that the offboarding process is covered from both ethical, legal, and data security bases. To ensure all those things are respected, here are some points you need to remember when you offboard an employee in G Suite.
1. Revoke the access to G Suite and other systems
While working in your company, employees have access to many systems: chats, HR programs, sites, etc. They are all important, but your most significant data assets are usually kept in G Suite. If, for some reason, an employee leaves the company on bad terms, leaving them with access to all business data of the company can become a catastrophe.
Even a few days of having access can be enough for the offended employee to create chaos. They can download data and leak it to competitors or use it to open their own company, send emails on behalf of your company, or delete it permanently just for the sake of revenge.
Those examples may seem extreme, but you would be surprised how widespread this practice actually is. Having a disgraced ex-employee that still has access to your work presentations, internal documents, policies, and numbers, is like a bomb that can blow at any moment.
So, how can you revoke access? Usually, it is an obligation for an employee that has administrative rights in G Suite. They need to have the user’s credentials with full access to applications.
2. Backup G Suite data of an employee
If you haven’t been backing up your company data all along, it is the time to do it. After you’ve revoked user’s access to their G Suite data, it’s time to save it. The thing is, G Suite subscription costs money, so keeping the license may not be the wisest option financially speaking.
We don’t recommend saving your employees’ data irregularly and advise you to stick to a strict regular schedule. While they are your employees, they create new documents, sheets, presentations, write new emails, and point meetings every single day. A simple Gmail data recovery can be impossible without backup in case of a cyberattack or permanent deletions.
How can you backup your G Suite? There are two options:
- Manually. It means that you don’t use professional backup services for these purposes and save it “with your bare hands.” Usually, it is an option for small companies with up to 10 employees and with low volumes of data accordingly. If this is your case, you can use Google Takeout. Google Takeout is a free Google service that lets you make a one-time copy of data from all your Google Apps.
Your employees can make it themselves from time to time. If they are leaving, your G Suite administrator should make the final copy of their data right after their offboarding is announced.
Be aware that you need to allocate safe space for data you will be saving.
- Automatically. This option is much more preferable, especially if your company produces high amounts of data regularly. Automatic backup 1-3 times a day is a reliable option that reduces many problems, such as data loss, compliance fines, ransomware attacks, and so on. Moreover, it is much more convenient and secure than copying or migrating data manually every single time. In case you need a professional backup solution, check out the Spin Technology page.
3. Forward emails to the relevant account
Employees may leave, but their connections with vendors, contractors, and other third parties who aren’t informed about their leave stay. Those third parties will be trying to reach out to former employees’ emails, and, when not getting a response, may cut the business connection with your whole company. This can affect your business in a bad way, depriving you of potentially valuable contacts and propositions.
To prevent this, forward all the emails of a leaving employee to the relevant Gmail. It might be custom made Google account with separate Gmail for these purposes, or Gmail account of some other employee that will be responsible for answering those emails, or new Gmail account of the old employee’s replacement.
This way or another, don’t let the emails of the offboarded employee sink into oblivion.
4. Revise all the apps connected to G Suite account
This might seem new for you since even chief information security officers often overlook this step. The reason this practice of revising all the connected third-party applications seems new for many people is that the threat behind the applications is something new.
Now, this problem is gaining momentum and is a part of a bigger problem called Shadow IT. For those of you who don’t know, shadow IT is a term used to describe unauthorized by the IT department usage of applications and services by employees. It is not always done with malicious intent; most of the workers just want to make their work more productive with those applications.
The problem is if a malicious application is provided with access to your corporate OneDrive or Gmail, it can easily spread ransomware across all G Suite. Another threat is the spyware – malware that spies on the organization gathering information about it. It all can be transmitted through granted permissions all the applications require when you install them.
The other reason why you need to revise all the connected applications is that they might be vital for the work process. For example, the employee got fired and their G Suite account got suspended or deleted with all the connected apps like Google Analytics, Data Analytics, etc. This may be fraught with loss of access to valuable data and a headache tied with its recovery. So make sure to take care of that as well.