What You Should Do After an Employee Gets Dismissed

In the event of an IT employee or consultant dismissal, the following steps should be taken to preserve network security and limit potential issues downstream.

IT Support Provider System Lockout Procedure

  • Lock out user’s virtual and physical access to network resources
  • Disable user account
  • Change domain administrator password
  • Disable user’s alarm code, card key, etc.
  • Inform staff of your actions and instruct them to not allow this person access to the network or premises

Change the following passwords

  • Firewall
  • Wi-Fi Key
  • VPN password/phrase
  • Anti‐Spam
  • Anti-Virus
  • Domain Registrar and SSL certificate management passwords (GoDaddy, Register, Network Solutions)
  • System accounts with remote access
  • Security system
  • Video surveillance
  • Phone system
  • QuickBooks
  • Other Production Software

The following should be changed after hours to avoid network/business disruption

  • Service accounts (accounts used on servers that allow certain programs and scheduled tasks to run, such as backups)
  • VPN Client passphrase – share new passphrase with remote users

Once the passwords have been changed, test and verify access and functionality of the following where applicable

  • VPN Client Access
  • Firewall
  • Anti-Spam
  • Anti-Virus
  • Outlook Web Apps and mobile device connectivity
  • Security System including Alarm and Video
  • Backup
  • Wi-Fi

Finally, third parties with whom the person was listed as a company contact should be notified. We would not want this person calling in to AT&T and having your phone lines moved to the building down the street, or your Internet service cancelled.

  • Phone Company
  • Internet Service Provider
  • Alarm Company
  • 3rd Party Software
  • Hosted services including Email, Backups, Financial software (QuickBooks)
  • Banks
  • Travel
  • Hardware/Software vendors such as Dell. HP, CDW, Staples, etc.,
  • Building Facilities