Unfortunately, your company sometimes needs to fire one of its employees. In some cases, this firing might involve a member of your cybersecurity team. Considering their skill set and knowledge of your technical infrastructure, this situation requires a careful approach from managers.
In short, your company needs an action plan to handle the firing of any employee. Obviously, this plan needs to include specific steps when you dismiss a cyber professional. Leverage these insights to stave off the adverse effects of their potential retaliation. After all, the security of your technical assets and data depends on it.
Require All New Employees to Sign an Acceptable Use Agreement
The legal aspects of firing an employee become easier when requiring they sign an acceptable use agreement upon hiring. This agreement typically includes non-disclosure verbiage and foregoing personal privacy considerations when using company-owned technology. Also include compliance to the company InfoSec policy.
Take a Discrete Approach Before the Firing
Considering the potential damage caused by a disgruntled cyber professional, being discrete before their firing makes perfect sense. No one beyond senior management and the employee’s manager needs to know. If word gets out to the office rumor mill, the risks to your company greatly increase.
Preparing for the Exit Interview
Since the exit interview includes the actual firing event, some preparation is in order. HR needs to be ready to escort the employee from the premises after their termination. If allowed to collect personal belongings from their office or work area, make sure they are observed.
Also require the return of any company-owned mobile devices. These include smartphones, laptops, and tablet computers. Any key fobs, physical keys, and badges providing access to company facilities and secure areas must also be returned. Importantly, disable all system accounts for that user. Don’t delete the accounts of any fired employee; just disable them.
Another critical task involves changing all physical locks for areas the employee had access. Always assume they made copies of any keys. Also change cipher locks and encryption keys, and other relevant passwords and authentications to which the employee enjoyed access. A thorough approach remains absolutely essential.
In the event of a potential employee termination with further investigation required, follow a slightly different tact. Give them a paid leave of absence, and follow the same steps as above. Only restore access if the investigation determines the employee is not at fault.
Looking For Cybersecurity Talent?
When you need help finding great cybersecurity talent, speak with the experts at Redbud Cyber. As one of the top SecOps staffing agencies in the country, we provide great candidates able to succeed with your team. Schedule some time with us soon to discuss your needs.
