Do you change system passwords when an IT person leaves? If not, why not?
An article in today’s Register highlights the need to have a Leavers’ policy within all organisations and for that policy to be enforced. The article relates a recent court case where an ex-employee logged into his previous employer’s computer network and deleted a large amount of data. The court reckoned that $800,000 damage was caused and that the company’s operations were frozen for several days.
Most IT people are nice people (hey, I used to be one myself and still am, sort of) but even in the most friendly of departures, certain formalities need to be observed. If an IT person leaves, make sure that:
- all accounts to which they had access are either closed or have their passwords changed;
- they sign a statement confirming that they have returned all company equipment and information; and
- they are removed from any access control groups of which they were previously members.
Simple stuff really, but get it wrong and the consequences could be extreme.
Agdon Associates and Business Continuity UK are no longer in business. This website is not being updated: it has been left online solely as a source of useful information on Business Continuity.