7 Deadly Sins of Techy Turnover
Going through techy turnover may not seem like the end of the world, but if you’re not careful, it could very well be fertile ground for huge problems. Below, we’ll cover the seven deadly sins of techy turnover that you need to avoid if your company is to thrive.
This is an easy sin to fall into for a number of reasons. In general, becoming complacent is a deceptively easy thing to do too, even in a field as dynamic as IT. However, this is even more so the case when you have turnover. That seems pretty counter intuitive though, so let’s look at why.
First of all, if you just had a ton of turnover, it may be because your company recently took a hit or otherwise needs to really batten down the hatches. Whatever the case, the natural move is to do very little at all. You try to just focus on what you have left in terms of staff and do your best. On the other hand, turnover may just be a natural part of your particular business cycle. In that case, it can be extremely easy to be complacent about staff coming and going. It probably doesn’t raise a single alarm bell with you or those around you at your company.
Ignoring the Business Risk
Chances are if you’re complacent about turnover, you’re probably ignoring some pretty important business risks that go along with it too. By itself, complacency is never a good thing. Add to it blinders that leave you vulnerable to risk, though, and you’re headed for serious trouble. Risk assessment is central to good business practices. This is especially true, though, when those risks involve some of your most important staff members.
Failing to Plan
Everyone has heard the saying, but it’s worth repeating: failing to plan is planning to fail. Cliché though it may be, you’ve probably had the misfortune of learning how true it is at least once. When it comes to dealing with IT turnover, failing to plan can come with epic consequences. The major problem is that a lot of companies don’t have a documented process for revoking access of IT employees..
Throughout an IT staff member’s career, even if it’s a short one, they’ll most likely amass at least a few login credentials. Just the fact that these credentials were necessary speaks to the fact that they involve sensitive data you don’t want to lose control over. Now you’ve gone and let someone go, or perhaps the person decided to up and quit. Whatever the case, if you don’t revoke their credentials—all of them—right away, your company could quickly learn a brutal lesson in the importance of planning.
A plan needs to be in place for revoking access to all systems ASAP. Keep in mind that you won’t always plan to terminate someone. They may simply decide not to come back from lunch and you have to be ready to act right away.
Lacking Access Awareness
Putting together a revocation plan won’t actually do much, though, if you don’t know who has access to what. As you probably know, it’s fairly easy for credentials to get assigned to someone “off the record.”
You may be understaffed one day and decide that it’s necessary to get help from Craig by giving him credentials he was never supposed to have. If you don’t record this, that information may be lost forever. Now, when Craig gets upset over his termination, he has that access available should he decide to resort to revenge.
Passwords Don’t Get Changed
It should probably go without saying that passwords must be changed on a regular basis. This mistake is one of the ones a hacker most looks forward to. After an IT employee leaves your company, any passwords they had access to have to be changed immediately. These may not be their specific login credentials, per se, but if they’re something a former staff member could still use, you’re playing with fire to keep them unchanged.
Another deadly sin is not auditing what former employees may be doing. No, they’re not under your roof anymore, but you still want visibility on what these people may be doing relative to your company.
What if they’re trying to gain access to your infrastructure remotely? Wouldn’t you like to know this is happening so you can put an end to it immediately and ensure others know it’s not even worth trying?
At the end of the day, it’s important that you know about the six sins we just mentioned and take actions to ensure they don’t become reality for you and your company. However, no amount of awareness or planning is going to help your organization if employees aren’t on board. This is why accountability has to be a priority.
Even when passwords for former employees get changed, what good is it if the supervisor can still use those credentials? This happens more than you think. A supervisor may get themselves locked out of a system from bad login attempts and decide just to use one of their old employees’ credentials instead. Now, though, you have system records showing a terminated employee rooting around. That’s not going to end well.
Hopefully, you don’t recognize all seven of these deadly sins in your own organization. However, if just a single one was familiar, it’s time to act right away.