• David Moore

When someone "leaves" <ahem>...

Every now and then someone has to be cut out of our computer lives for one reason or another.


I am not here to judge or probe why. What I am here to do is suggest things you need to do with your computers and other IT related resources to keep that person gone...well, out of your stuff anyway.



In the past I blogged about what to do if you break up with your IT help person.


https://www.ihatemypc.com.au/post/2019/08/06/so-youve-broken-up-with-your-it-guy


A lot of what I wrote there applies here but I am going to discuss some extra considerations based on some recent examples I've had to deal with.


The major issue is security. What did this person have access to and what may they still have access to even though they have left the building?


Before you disable, delete or otherwise disconnect this person from your business/life you need to consider carefully what they may have on "their" computer or various accounts (Dropbox, Onedrive, MS Office 365 etc) that you will need to retrieve, recover or backup in some way.


Obviously, depending on the nature of the departure, this is something you may need to consider before the person even knows they are leaving. 😧


A lot of damage can be done if a malicious person wants to change passwords, encrypt drives and delete data before you can get to it. Read, $$$$, business loss, wasted time and more.


You'll need to do an audit of what they've got, what they have access to and how they access it.


For example, recently an IT company hosting Office 365 for one of my customers deleted a user account as requested.


Unfortunately that account was used as an online login to a PC. With the online account gone, and improper (obsolete) recovery information recorded, the machine could not be accessed for many, many hours. (The IT company had to restore the account and deal with the ramifications of subsequent actions around that user's data.).


If the user account on the PC had been made a local account before the account was deleted, and the password changed to something known and recorded locally, the removal of the online account would not have prevented access to this machine.


You need to ask your IT person to carefully check what is the safest and best order in which to disable and delete things so that problems like the one described above don't occur. The primary objective is to not lose any valuable or business critical data and to ensure that business can continue as close to normal as possible.


If time is short and you have to move quickly, then ideally you want to change all your passwords and ensure that any recovery information or settings no longer reflect any credentials for the person who has left. But this can have massive ramifications so tread carefully.


For example, most accounts these days have password reset options for when a password is forgotten.


These options include mobile phone numbers (so that reset codes can be sent to the account holder), alternate emails addresses (to send recovery and reset information to), personal details so that entering say a birthday and other details will let you back in despite NOT having the password...and so on.


If you just change the password, a malicious person could just as easily perform a lost password reset and lock you out!


It is a bit of a catch-22 in that the better you are protected from malicious outsiders, the harder it is to rightfully gain access to your things when you forget or otherwise lose access. We can't have it both ways.


It is a messy and complex situation that is very different for everybody, so I won't try to explain in detail how to precisely go about handling all this.


Instead I'll list some points and prompts for things you should consider and/or raise with your IT person as the applicable time.


1) Have an EMERGENCY Admin local account user on each machine. It is a simple thing to have an extra local (not online) Administrator account on each computer. It must be password protected and you must properly record and save the password for this account (like you should for all accounts actually). This local admin account will allow you to log into the machine in the event of a user account error or online login snafu as described above.


2) Manage all your passwords better i.e. properly. If everything has a good, strong and unique password then the drama of "changing all passwords" can be limited to "only those passwords they knew".


3) Check that multi-factor authentication is set/revoked accordingly. Many logins now require a second factor of verification before they'll let you login. Think something like your bank dongle or the SMS you get when you try to spend money on Paypal. These are great for your security but can backfire if not properly revoked before someone leaves and takes your second factor of authentication with them!


4) Ensure that all online and other services have up to the date and correct recovery information recorded. This is something that needs to be done regularly or proceduralised to happen when certain things change e.g. bank account signatories, mobile phone number changes, email address changes etc. These things are set to get you out of jail but if they are wrong then you stay in jail.


5) Change/revoke and wifi passwords. Most of us have networks and WiFi these days and it is easy to lose track of who has access and potentially how fare passwords for the WiFi may have spread. Any WiFi networks that are public should regularly have their password changed. This is to stop people from parking out front and using your bandwidth when the premises is closed and they aren't even a customer. This may not sound like a big issue in these days on unlimited internet, but the real problem is the dent these accumulating numbers of users may put in the internet/network speeds. Regularly changing the public wifi password kicks the freeloaders off and potentially gets customers to come back (even if it is just to ask for the password at least you know 😉).


6) Your wired networks need to be checked by your IT person too. Depending on the size and complexity of your network there's a chance that some undesirable things may be public or otherwise accessible. It is easy enough to plug into a network socket and get straight onto your network. If access control is not managed properly than anyone plugged in could see anything you have on your network.


7) Routers, Modems, Access Points need to be password protected. Any piece of hardware that has a built in management interface needs to have its own unique password set. Record and save those passwords properly, as outlined above, because losing them means a reset to your network. This may mean starting from scratch in a lot of ways. If your departed friend has any of these passwords then change them ASAP.


8) Check and disable any remote access tools. Remote access tools such as Teamviewer, Remote Desktop, AnyDesk and the like can let a departed friend drive your computer like they were sitting at your desk. Many scams and much damaged has been caused by people logging into their old office from home late at night.


9) Any web site logins or web based services should be checked to ensure that user accounts for departed users are disabled and if it is a shared account of some kind, the password changed. The scope of this could be enormous as most things are "cloud based" these days for example...

  • Accounting, Xero, MYOB

  • Dropbox, OneDrive, Sugarsync, Google Drive etc.

  • Gmail, Hotmail, Yahoo Mail, Skype, Messenger

  • Antivirus software, Malwarebytes, Norton, Mcaffe, Trend, AVG etc.

  • Backup software, Backlaze, Acronis, iDrive

  • eBay, Paypal, Banks, Web hosting, Domain names, Wix, Go Daddy

  • Newsletter and Survey systems , Mailchimp, Survey Monkey

  • Streaming services, Netflix, Spotify, Youtube

  • Hosted office suites, G-Suite (Google), Office 365 (Microsoft)

  • Web browser logins, Firefox, Chrome

  • Apple Pay, iTunes, Google Play

  • Social media, Facebook, Instagram, Twitter

  • etc. etc.


10) Make sure email accounts are disabled (NOT DELETED) and the password on them changed. Most people collect email on multiple devices these days. Just deleting a user from a pc or other device doesn't necessarily stop a mobile phone from still getting those emails. There will probably be a period of time where you still need to receive email for the account of the departed so just deleting it immediately can cause you some pain.


11) Make sure sure any VPNs you may have set up for your team to remotely access your network are changed to exclude the departed person. If you don't do this then they may as well be sitting on your lap in the office. A VPN is designed to let them in as if they were there. So talk to your IT person about how to revoke their access.


12) Remove their details from any recurring payment based services and replace them with valid payment details. This often happens in small to medium business where no company credit card exists and employees are forced to use their personal one just to keep working. While it may seem nice to have them paying for your stuff, when they pull the pin and your services just stop you could be in quite the pickle. There may even be a case for them to claim compensation and potentially ownership of things...I dunno what, ask your lawyer. Just get a company credit card for the love of Mike!


13) Clarify any relationships they may have had with your service providers. If old mate used to talk to your hosted services company for you, or your bank or whoever and you don't tell those folks that they don't speak for you any more, then ...you can join the dots here I am sure.


I hate to end on 13. Not for me of course, I couldn't give a rat's, but I am sure some of my readers are triskaidekaphobic.


I am also sure there's more to be considered but this is a good start to a dull and unpleasant subject.


Your circumstance will almost certainly differ.


Tread carefully. Need I say "backups"?


Don't worry, it wasn't you. It was them ;-)


David



I Hate My PC

You know we understand

Call 0410 318 325

© 2018 by I Hate My PC. All rights reserved