Losing an employee, whether it’s through termination or resignation, isn’t exactly fun. You probably have a bit of paperwork to deal with after the fact, not to mention the process of finding and training a replacement. One of the last things you might be thinking about is what that loss means for your website.
The truth of the matter is, though, that you will need to think about it eventually if that employee had access to the back end of your website and/or any other accounts related to it, such as social media or marketing software. This is especially true if you have business data on your website that you only want paid staff to see or use.
It's always worth thinking the best of people, yet an employee you had to fire could become unscrupulous and start tapping private data. They may even access private information out of spite due to being fired from their job.
On the other hand, you have employees who may resign under their own accord due to getting another job. If that employee was privy to trade secrets in a database or on your website, he or she could still access that information if they remember the passwords. This may result in an employee passing on your trade secrets to a competitor.
So what can you do to combat all of this? Some things are probably obvious, though you may miss other protection measures.
This may seem simple enough, but it’s easy to forget to change your passwords due to complacency or simply being too busy. The problem is that even though you may have fired an employee, they could still take passwords with them without your knowledge. They could easily access the back end of your site and steal customer information or other personal data.
Some experts recommend hosting all access points through a Google apps email account. Doing this lets you change the one password once belonging to the employee you let go without affecting other employees or users. It also lets you terminate employee access to all tech in your company so the individual won't try using their password on another device.
Other programs exist like LastPass that let you store passwords for company staff. When someone leaves, you can disable any password belonging to a particular employee.
Closing Down Or Updating Internal Accounts
Otherwise known as "zombie accounts", you may have a number of internal accounts your former employees used on your site. You'll have to check all of the company computers and mobile devices the employee used so you can get these accounts shut down.
If an employee was part of your administrators group, you can usually remove their accounts from the list. However, if you only have one admin account that several employees access, you will need to change the master password if any of those employees leave. That being said, it’s probably better for everyone to have separate accounts to avoid that hassle.
Problems could occur beyond just the employees as well. Some employees just move on, and it could mean their internal accounts sitting idle. Without updating them for security, they could become vulnerable to hackers.
Limiting Access to Accounts
You could always create non-compete clauses in employee contracts so you have a legal document forcing former employees to have no more site access. This doesn't mean something still couldn't happen, so it's best to put preventative measures in place when you first hire your staff.
The best plan is to just give employees as much access as they absolutely need. Administrator-level permissions need serious analysis based on the trust level you have with each employee. If a person has no need in their day-to-day job to access sensitive client or financial information, don’t bother giving them access in the first place and you won’t have to revoke it later.
At the end of the day, if you're not overly trusting of any of your employees, you're better off keeping the administrator role to yourself. Nevertheless, providing limited access for each employee eliminates them having wide-open access to your most sensitive data that you need to keep compliant.