This includes putting automated processes in place that, after adequate approvals, can quickly and cleanly deactivate all accounts associated with a particular employee.
“Largely, it is on the IAM team’s shoulders to create the automated processes and up to the HR department to enact those processes when appropriate,” explained Jon Gulley, senior application security penetration tester at nVisium.
Gulley said a strong endpoint security program can largely mitigate the risk of data loss by having full disk encryption and remote wipe capabilities for all company devices.
On the administrative side, a new personal account for access to HR and benefits functionality may need to be created if one is not already in place, while email and other communication channels should be forwarded to a manager who can handle the transition of responsibilities.
Any company hardware in the employee’s possession must be repossessed or backed up and wiped remotely, especially if endpoint encryption is not in place, Gulley added.
“IT security staff should have ready-made processes that can be enacted quickly and easily by the HR department with appropriate confirmations, such as that from managers along the way,” Gulley said. “Any remaining access should trigger the creation of a high-priority ticket to have the access removed manually.”