Dropping the Ball on Employee Onboarding/Offboarding – A Bad Look and a Cybersecurity Risk

Time to address one of the most notorious IT blunders that organizations fall victim to: the employee offboarding.

Seems simple, right?

“We have a user leaving… abruptly. We need their access cut off… quickly.”

The combination of not defining what this means and the time sensitive nature of some of these requests is a perfect combination for the ball being dropped.

There is one solution to this problem. Only one.

A Checklist.

That’s it. A checklist is absolutely required for employee onboarding and offboarding. Without having a clear definition of what applications, security, web-based applications, and vendors the user needs access to, there will be massive variation of how your users start their new role.

Why is employee onboarding and offboarding so important?

Onboarding

Without the proper applications access, your employee starts their job with hurdles and hassles. It’s difficult enough trying to train a new paralegal or lawyer on your processes, and now they have technology hurdles too? This can be a recipe for frustration and downtime.

It’s not just the new person. They are always paired with a more senior individual at your firm: it may even be you! What happens if that person has multiple employees that they’re trying to help but can’t get them access to what they need?

I know you’ve run into this, and I know it’s taken up a lot of your time.

Why do you keep running into this? Answer: your IT Provider does not have a defined checklist in place to standardize the procedure. That’s it.

On the flip side, if access is not defined by the user role (secretary, lawyer, etc.), then you could have a newbie accessing payroll for the entire company. That’s something we see all the time when we bring on a new client. We fix this right away, but the variation of not having a checklist in place causes immediate and long-term disruption for your employees and business.

Offboarding

A user is getting fired. This is unfortunately prevalent at law firms of all types and sizes. They need to be removed from your systems ASAP! Great. What does that mean?

  • Their email?
  • What applications were they using?
  • Do they have door access?
  • Can they access anything from their personal devices?

There’s a lot to consider.

Fortunately, a defined offboarding checklist based on role will solve this problem. We’ll get into more examples with a checklist you can adapt below, but let’s cover WHY this is important first.

If a user needs to be offboarded quickly and the technician does not thoroughly review the documentation of everything that user may have access to, they will drop the ball.

However, if they have an offboarding checklist that spells out all the things they need to remove, they’ll get it done.

If the ball is dropped, you may have a user that still has access to their email, your systems, third party applications that you’re still paying for, and physical access to your building. Yet this is still missed all the time!

How do you solve this problem?

If you have a proactive IT Partner, they’ve already gotten with you on what they need to create this checklist. However, if you’ve read this far into this article, then you probably don’t.

Here are two considerations before we go over the template:

  1. This is going to vary greatly based on the firm: give it the time and attention it needs. What unique systems, applications, etc. do you have in your business that need to be removed for exiting users?
  2. There will be some items that the IT Provider completes and other things your internal staff needs to complete. We’ll get into specifics below.

Employee Offboarding Form:

Name: _____

What date with this need to be completed: ______

User role: _______

(Managed Service Provider Tasks)

  1. Remove Microsoft 365 account
  2. Turn into shared mailbox and forward to: (manager email account)
  3. Remove User from (Practice Management Software)
  4. Remove phone license
  5. Route this number to:______
  6. Remove Adobe license
  7. Does Wi-Fi password need to be changed?
  8. Remove User from (Web based Application #1)
  9. Remove User from (Web based Application #2)
  10. Notify (Vendor #1) to remove user

(Law Firm Tasks)

  1. Disable door key cards / change door access codes (if applicable)

Now, there are a lot of additional considerations when offboarding a user from the law firm side. However, this is the IT Checklist, as these considerations all impact the integrity of your systems (including physical access to the building).

This simple checklist can be tailored for your organization and used to immediately improve your employee onboarding and offboarding procedures. The entire exercise should take less than 30 minutes with your IT Provider and will undoubtedly save you countless hours and a lot of money.

It’s worth the effort!

Conclusion

You did it! I know that was a lot, but the fact that you’re making the extra effort to review this resource means you take the security of your firm seriously.

Here comes the inevitable plug. If your IT Provider has NOT discussed this with you and you think this system could work for you, please reach out. We specialize in supporting law firms in the Salt Lake City metro and we can ensure your firm is secure and your employees have the tools that they need to drive productivity and profitability. No more hitting a wall on Day 1!

Photo by Ron Lach : https://www.pexels.com/photo/elderly-man-and-screen-with-information-that-his-services-are-no-longer-needed-9830810/