Personnel changes are a part of doing business. Some companies deal with such sensitive data that they have complicated and expensive software systems to protect it – but for most small businesses, protecting your digital assets after a personnel change is a manual process. Here are steps you need to take to protect your small business through these inevitable changes.

Set things up right

This is easier said than done, but as the saying goes, an ounce of prevention is worth a pound of cure. Here are things to consider:

Set up a password management system. Most businesses have digital accounts with vendors of all kinds, in addition to passwords to digital resources like your website, email newsletter, Google business profile, social media accounts and more. If the person with access to all of these leaves without passing along passwords, recreating or reclaiming access to all these accounts can be an enormous hassle. Utilizing a password management system, which stores the URLs, passwords, and other relevant information to each of these accounts, goes a long way toward insulating your business from this problem.

Assign social media admin roles carefully. Different social media work differently in this regard, but when possible choose roles for employees that don’t give them complete control over the account. The “admin” of a Facebook Page should be the owner of the business, and others should be “editor” or below – an “editor” has all the privileges of an admin, except they cannot kick admins off the page or delete the page.

Create separate logins for your website. In many businesses, more than one person is responsible for updating your website. WordPress makes it possible for each individual to have their own login – so if anyone leaves, their login can be removed (leaving everyone else’s untouched).

When someone leaves

There are many reasons an employee might leave on good terms – a change in job, a change in family status, or retirement – but what if an employee is terminated and has negative feelings about your business?

Here’s a quick checklist of things to handle:

Email address. Take control of the the former employee’s company email address, and monitor it for 90 days before canceling it.

Passwords. Change common passwords, including but not limited to the following:

• VPN
• Remote desktop
• Password manager
• Server
• E-newsletter (such as Constant Contact, Mailchimp)

Social media. Remove your former employee from social media, including Meta companies (Facebook and Instagram). YouTube and Twitter have a single login and do not offer the ability to assign roles, so changing the password is required.

Website. If updating your site was among your employee’s duties, delete their login (or if you don’t have individual logins, change the password). If your website includes a staff listing and contact information, update that information as well.

Intranet. If you have an employee intranet, make sure to remove the employee’s access to it, and contact information in it.

Phone system. Remove your employee from your phone answering system, and deactivate their voicemail.

Return of any company-owned equipment. With remote work becoming more and more common, make sure you get company laptops, desktops, or any other equipment back.

Exit interview. During the exit interview with your employee, ask if there are any digital accounts or other resources for which they alone have login information.

Conclusion

No matter the circumstances of an employee’s departure, removing their access to your digital assets is important, for their sake as well as your own.