top of page

Offboarding former employees efficiently and why it's so important

As a business owner or manager, you have probably spent a significant amount of time and resources to recruit, train, and onboard employees. But have you considered what happens when they leave your company? When an employee leaves, whether on good terms or not, efficient offboarding is crucial. It’s important to maintain the security and privacy of your company's information and ensure a smooth transition for both the departing employee and the company.

Former employees as a threat

One of the biggest concerns with offboarding is the risk former employees pose to a company’s cyber security. Former employees can often be a threat because passwords are not changed quickly enough after they leave. This could give them access to sensitive information or systems, which could be disastrous for the company. Furthermore, if a former employee holds a grudge against the company, they could use this access to steal information, spread malware, or disrupt the company's operations. You would be surprised by how often this happens!

Pay problems can cause company issues

In some circumstances, ex-employees can often be upset due to pay, dependent on end-of-contract conditions. They might feel wronged by the company and seek retribution. In these situations, it’s important to offboard the employee as quickly as possible to prevent any security breaches. Encourage open conversations with all employees and ensure that they understand the importance of keeping sensitive information confidential.

End of employment meeting

To offboard an employee efficiently and securely, it’s important to have an end-of-employment meeting. This meeting should involve signing the employee out of all devices and systems they had access to, such as company computers, email accounts, and software platforms. Revoke any access codes or permissions the employee had. Change the passwords of all accounts associated with the former employee, including email, cloud storage, and company systems. This will prevent any unauthorised access to sensitive information or systems. We understand that employers need to do these things carefully and with professionalism and compassion. Although these may seem like cold things to do, you wouldn't let an ex-employee walk away with the keys to your safe, so you can't let them walk away with access to your information, records and data.

Important points to consider when offboarding employees

Data retention and destruction

It's important to have a clear policy in place for retaining and destroying an employee's data and files. You should determine what data is important to keep and what can be deleted, as well as how and when it should be deleted. There are lots of resources available for data protection on the information commissioner’s office website.

Intellectual property rights

Make sure that you have a clear agreement in place regarding the ownership of any intellectual property created by the employee during their time at the company. This can include anything from software code to marketing materials.

Legal compliance

Offboarding must be done in compliance with all applicable laws and regulations, such as employment laws, privacy laws, and data protection laws. Make sure you are aware of all relevant laws and regulations and take steps to ensure that your offboarding process complies.

Employee assistance

Offboarding can be a difficult process for employees, especially if they have been with the company for a long time. Consider providing them with support and resources, such as outplacement services, to help them through the transition.

Reputation management

How you handle offboarding can impact the reputation of your company, both with current employees and with the public. Make sure that you handle the process professionally and with empathy, and take steps to prevent any negative publicity. To summarise, to offboard a former employee and prevent cyber or IT security issues, you should follow these steps:

  • Revoke all access: Disable the former employee's access to all systems, networks, applications, and data immediately.

  • Change passwords: Change the passwords of all accounts associated with the former employee, including email, cloud storage, and company systems.

  • Disconnect devices: If the former employee was issued any company devices, such as laptops or smartphones, retrieve them and wipe all data from the devices.

  • Audit logs: Review audit logs for any suspicious activity and take appropriate action if necessary.

  • Notify stakeholders: Notify relevant stakeholders, such as IT, HR, and senior management, of the offboarding process and any potential risks.

  • Document the process: Document the offboarding process, including the steps taken and the reasons for each step. This documentation can be used in case of any future security incidents.

  • Train employees: Regularly train employees on security awareness and best practices for protecting sensitive information. This can help prevent future security incidents.

Learn how to keep you, your employees, and your company safe, and contact us today.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page