skip navigation
skip mega-menu
By The North West Cyber Resilience Centre

A growing trend that police forces across the North West continue to see is disgruntled former employees will attack or remove client/company data when leaving a job. 

It's the responsibility of a business to ensure that they have the necessary plans to react to any staff member leaving a business. Does your company know what you'd do if you had to dismiss a staff member for misconduct or due to a cybersecurity breach?

Many businesses will have policies and instructions to; change office locks, take back parking passes, recover work laptops and adjust payroll. But are you forgetting about removing any account access an employee had in your business?


What are the responsibilities of a business with security upon the termination of an employee?

Before completion of an employment contract 

  • Ensure a thorough handover document is written and reviewed. 

  • They ensure that any sensitive information, login details, accounts or documents are passed onto their replacement or line manager. 

Before the employee leaves the business 

  • Consider the legal implications of any non-disclosure agreement in place before completing the termination of employment.

  • Before completion of the employment contract, ensure that a thorough exit interview is completed. 

  • Remind them of their responsibilities and contractual obligations in their employment contract - especially regarding the Data Protection Act 2018.

  • Ensure all employee accounts and login credentials are disabled

  • Ensure any company devices are returned and reset or reviewed before being reissued

  • If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly.

Take the opportunity to ensure you are reviewing. 

  • Any security controls on employee devices and accounts for all employees (consider reviewing this annually).

  • What account/data can employees access - do they need this access?

  • Who has administrative access to critical accounts and data? Does this need to be transferred to another staff member?

Suppose your business found that an employee had been downloading lists of sales prospects with contact details from your CRM system and then sending these files to a local competitor. What would you do?

  1. Lock and suspend any activity on this employee's accounts

  2. Investigate the employee's performance to confirm suspicions and attain evidence of wrongdoing

  3. The employer should review any account access and data of the employee

  4. Employers should review other employees' account access and data so this isn't repeated.

  5. Revoke access where needed

  6. If necessary, consider alerting other team members that the person has left the organisation to avoid them sharing information unwittingly. Ensure they're aware and alert in knowing to report anything suspicious.

Has your business recently dealt with a Cyber Incident? Do you want to ensure your network is secure after dismissing a staff member? Talk to the Cyber Resilience Centre today!

Subscribe to our newsletter

Sign up here