This is a helpful checklist for what types of services you need to remove someone from or downgrade access to in the event of an employee leaving the company.
Oddly enough, being a Web Dev vendor, we often end up staying with a client for very long periods of time. We have some clients coming up on a solid decade retaining us. As you can imagine, in that amount of time employees come and go. Sometimes it is a graceful exit to a new job or retirement but other times it is termination / firing. It can be critical to expeditiously remove the ex-employee access before they cause harm out of spite.
Even if post-exit malicious harm isn’t a danger, proper access-removal or privilege demotion is just good corporate hygiene and best practice for security.
This checklist can’t be all-inclusive but going through it should help you ensure you are ticking all the boxes for removing an employees web marketing / development access…
Content Management System
- WordPress – typically you would just change the user level from admin to subscriber level because deleting the user may delete posts attached to it.
- Is there an Intranet or other company websites they might be on?
- For us this is WPENGINE. It could be something like HostGator, Bluehost, LiquidWeb, Flywheel, etc.
- Google Analytics, Google Search Console, HotJar, Woopra, etc.
- Google My Business listing
- Google Optimize (or other AB testing tools)
- MailChimp, Constant Contact, Active Campaign, MyEmma, etc.
- Email account for company emails
- Change password
- Forward their email address to an individual or team who is responsible for assuming their responsibilities
- Potentially review recent sent email
- Point of Sale system
- Project Management tools like Basecamp, Trello, ClickUp, Jira, etc.
- Accounting software
- Podcasting tools
- Are there “seats” or spots on software tools that can now be freed up?
- Change passwords on any shared accounts they might have access to.
- Search their name or email in your password storage vault (E.g LastPass or 1Password)
- Search their email and the words “login” or “password” in your email inbox to see what they may have been given access to.
Beyond this list, a good place to start is asking other vendors or employees that may have worked with them for other places you might need to address.