What Happens When Your Employee Leaves (and Takes Their Mac with Them)
It could happen on any given day: An employee could depart without returning the Mac device they were using to do their work. Whether you have a CYOD program, a BYOD program, or another arrangement for provisioning devices, you’ll need a way to secure this individual’s access to the company’s data and systems.
If you already have a remote, cloud-based IT management tool for Mac devices, it will come as no surprise that you have an arsenal of apps and capabilities to help you defend your company’s data and network security. For those less familiar with mobile device management, here are a few questions and considerations to help you evaluate your IT team’s readiness for this situation.
Evaluate the Situation to Determine the Right Approach
If this employee departed voluntarily but gave no notice, you can request that they return their devices within a certain time frame and provide them with appropriate logistical options to facilitate this. If that’s the case, you’ll need to coordinate your activities with HR. But there are few questions you can ask right away to evaluate your readiness:
- Have you limited their access to trade secrets, sensitive data, email accounts, and any other programs or applications that they should no longer be able to access?
- Have you secured their data and access to these devices?
- Where is there room for process improvement around voluntary employee departures?
If the employee is departing voluntarily and has provided notice, HR will need to communicate with them where to return their devices. Until they depart, you should have a protocol in place to monitor their device use to ensure that they aren’t communicating inappropriate data or taking any proprietary information with them. Of course, you should also coordinate with HR to close out their accounts. Employee data theft can happen at any point during their employment, but you may run a higher risk during this interim period.
If their departure was involuntary, the situation is more complicated. If they’ve signed an agreement that would provide them with severance pay, they may not be entitled to accessing this until they return any company devices. In this case, you should coordinate with HR and any company lawyers to make sure that everything is square.
But these are just the preliminary questions, most of which will be handled by HR. One of the big questions you should be able to answer right away is…
What Can You Do When an Employee Walks Away With a Mac Device?
If the device was enrolled in an MDM, you’ll be well-equipped to deal with this departure. In an enterprise environment, Apple Business Manager is a powerful tool to help you make the most of your MDM. When an employee leaves a company, this program will help you rescind an application licenses or permissions, manage logins, and even device access (if enabled). The same tools that help you with Automated Device Enrollment can help you rescind permissions.
If the former employee used single sign-on, the convenience is returned to the IT team. This feature also allows IT admins to disable multiple features at once. This simple deactivation can be the difference between a data breach and a seamlessly shut-down of an employee’s account. Remote lock and remote wipe features are indispensable tools in these situations.
To help mitigate issues with employee departures (or any lost device), it’s wise to use iCloud to back up user accounts and information. While there’s much you can’t control in this situation, having an automatic back-up of your users’ data and activity can make the off-boarding process simple if you find yourself faced with an uncooperative former employee.
A Note About BYOD Programs
If you have a BYOD program, you should anticipate that the employee will keep their device, but you should also be prepared with a plan. In a healthy BYOD deployment, the terms and conditions of using that company’s information on your personal device should be laid out in plain language that the employee will be required to read and accept when the employee opts into the MDM program on their devices.
This means anyone using their own device at work should be well aware that their departure will set in motion a few steps from their IT admin, including removing any apps or information access authorized through single sign-on.
Apple Products are Optimized for Mobile Device Management
Apple devices are built to simplify mobile device management, and having a cloud-based IT management tool will help you maximize these features. In the event that a former employee walks off with one of your Apple devices, this system will help you mitigate security risks and access, whether the device is turned on, turned off, or at the bottom of a lake.
That said, we highly recommend that you maintain a set of information governance and procedures to help your team and your company take swift action to avoid data breach or theft.
Whether an employee brings their own Apple device to your business or they walk away with a company-owned machine, it’s in your best interest to establish a set of guidelines to protecting corporate data when an employee leaves and takes their device with them. This should include…
- Exit requirements that include instructions for device return.
- Defined responsibility around loss or damage.
- Requirements around the period of time employees have to report loss or theft.
- Measures to comply with HIPAA and data information regulations at the state or federal level apply to any confidential.
- Enforceable rules and requirements.
Luckily, this is where HR is your partner in device management. Working in tandem with the people who handle the human side of onboarding and offboarding, you’ll find that a Mobile Device Management program enables you to take action to secure your network with the click of a button. With remote user management for Mac devices, it’s as simple as that.