SSC Toolbox Social Source Commons Blog

Nonprofit Tech, Tools and Social Media

A program of Aspiration 
Aspiration 

Breakups are Hard: Departing Staff and Tech Security

Admin Cat

Photo courtesy of zebedee.zebedee

Ending any relationship is hard. Creating a standard set of processes can ease the pain of the schism. When a marriage ends, there are legal filings, transfer and division of property and the surrendering of keys and changing of locks to ensure security. When an employee leaves your organization, similar processes should also take place. A two week notice is filed, position-specific information is passed on and access to the office and organizational accounts are surrendered to ensure security.

At least in theory…

Temptation: Organizational Data for the Taking

Recently, I left another job at a nonprofit organization to start a position doing great work with Aspiration. Like the most sought-after break-up, the split was amicable and we remain friends. So, when I noticed, a week after leaving, that I still had access to my former email through Google, I was concerned, but not alarmed, “They are busy, someone will get to it,” I thought. Then, when I noticed that two new employees’ email messages were showing up in that email’s inbox, I became a bit more alarmed. Although the ability to spy on my replacement was intriguing, it was not good for my sanity and violated the privacy and security of my former employer. But the fact was that I could.

Big ol’ Red Flag

In an effort to alleviate any ill feelings should they find out that I had access to all this information, I put on my Aspiration hat (not my halo) and emailed the office manager to let her know about the problem. I sent this link to the Google apps help forum that offered one possible way to remove my user access. She thanked me for the heads up, said it would be taken care of right away and threatened to de-friend me should we not meet for lunch whenever I’m in town. It was completely painless and I was relieved to find later that night that I could no longer access my former email.

Making Sure Your Organization’s Data is in the Safe Zone

It’s important for organizations to have a well-defined user-tech separation process when changing staff. Changing passwords, revoking access, forwarding email addresses… These are all best practices to ensure that your organization is in the safe zone. With tools like Google, this process becomes an even stickier situation because the line between personal accounts and professional accounts is so fuzzy. Having your professional account tied to your personal Google account can streamline many work processes when you work at an organization. But when you stop working there? That convenience blurs the line between personal and organizational assets and adds another layer of ties that need to be cut when an employee departs. If you are not careful, you may find yourself searching Google apps help forum for this, “Disgruntled former employee hijacked account, deleted email, docs, calendar, can’t re-create…

To avoid this horrible fate, try, as much as possible, to keep organizational assets (this includes accounts, access and most importantly DATA) as organizational assets. The best way to do this is by being prepared. Here are some tips to safeguard your organization:

  • Have forwarders for outside accounts. When an employee leaves, delete their forwarder.
  • Change passwords on a regular basis. Depending on your organization, anything from quarterly to monthly to even weekly may be feasible. Make sure that part of your “Losing an Employee” workflow is changing the passwords. For more tips on passwords, check out How Do You Manage Your Passwords?
  • Limit, as much as possible organizational accounts and access being attached to personal accounts and access (e.g. Do not use personal email addresses for work purposes.)
  • Lastly, take a second, open up a text editor and draft a plan about how to sever online ties to former employees once they move on. Every organization has different fingers reaching in different places online. Make sure your plan addresses the specific characteristics of your organization.

What does your staff-tech divorce procedure look like?

What ways do you ensure organizational security and ownership online?



Connect with SSC


RSS Feed  Twitter  Facebook

Aspiration Publications