04:05 GLOBAL
Best Practices for Secure Onboarding and Offboarding To mitigate the risks associated with employee transitions, organisations should consider the following steps: 1. Develop granting and revoking access rights, ensuring that employees have appropriate access levels during their tenure and none upon departure. 2. Automate Processes: Utilise identity and access management (IAM) systems to automate the Comprehensive Policies: Establish clear procedures for
NIST Cybersecurity Framework - Developed by the National Institute of Standards and Technology, this framework highlights the importance of identity management and access control, advocating for the revocation of access for departing employees. GDPR : This European regulation mandates that organisations protect personal data from unauthorised access, making it imperative to terminate data access for former employees to remain compliant. Industries handling sensitive data, such as finance, healthcare, and government sectors, are particularly vulnerable to the risks associated with poor employee onboarding and offboarding. Ensuring compliance with relevant frameworks in these industries is not only a regulatory requirement but also a critical component of risk management.
retrieve company assets, including access badges and devices. 4. Regular Audits: Perform periodic audits of user access rights to ensure that only current employees have access to necessary systems and data. 5. Security Awareness cybersecurity policies and the importance of safeguarding sensitive information throughout their employment. Conclusion Training: Educate employees about potential consequences of inadequate employee offboarding procedures. By adhering to established cybersecurity frameworks and implementing robust onboarding and offboarding practices, organisations can significantly reduce the risk of insider threats and protect their valuable assets. The British Museum incident serves as a stark reminder of the
provisioning and de- provisioning of user access, reducing the likelihood of human error. Interviews: Use exit interviews to remind departing employees of their confidentiality obligations and to
3. Conduct Exit
30 I 04:05
GLOBAL PAYROLL MAGAZINE ISSUE 9
Made with FlippingBook - Share PDF online