Slashdot Mirror
Ask Slashdot: Dealing With User Resignation From an IT Perspective?
New submitter recaptcha writes Today one of my fellow workers has announced he has found another job and will be leaving our company in two weeks' time. This is all above board and there is no disgruntled employee scenario here; he is simply working through his notice period and finishing up some jobs. I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day. Which best practices do you follow that will prevent a resigning user from causing any damage (deliberately or not) in these last days of employment before his account is disabled?
Get him to delete anything personal, because chances are his co-workers are going to be asking for access to his files and emails so they can continue whatever work he was in the middle of.
If he is not a disgruntled worker just work with him to set up expectations from the IT side of things. Do you expect him to turn his computer in? When? Should he delete files off? Yes/No? I think most people would be happy to work though an exit checklist and it would make you seem really organized. But if the employee has it in for you, then you may want to do more than that. But it looks like you've already made back ups of things that you think may be important. In any case, I would formulate a standard policy for people leaving the firm. So that they have clear expectations on what needs to be done on the IT side of things.
You have fucking backups right?
What's he going to remove from your access that's critical to you, under that scenario?
Don't bother with all that shit, and if you think he may do something malicious (e.g. send out inappropriate emails, steal the customer database, etc.) then shut him off now and pay him to "work" his last few days out at home.
But putting fileservers on read-only in case he does damage? That just tells me that you have no concept of data resiliency anyway.
I've known many people who have tendered resignation letters and are then immediately ostracized by the company, security follows them around everywhere, they're asked to leave the building immediately, etc....
Don't do that. If this person wanted to cause damage, he would do so without announcing his resignation. Take some precautions, but don't treat him like an outsider. He's still an employee during his notice period; treat him like one.
Remember, he's leaving somewhere where he spent a good 1/3rd of his life. Change is not easy, and paranoid asshole-ish behavior makes it 100x as hard. Plus, you want him to be an ally to your company in the future, and not a potential enemy.
There should already be backups in place and security safeguards to keep such an employee -- as much as possible -- from causing harm. Employees leave all the time, planned or unplanned, willingly or not. Certainly you want to make sure all their uncompleted tasks are turned over to someone else, but preparations should have already been in place in case health problems or personal issues cause a sudden departure.
===== Murphy's Law is recursive. =====
Every time I've known I was going to turn in my notice, I end up going through everything and cleaning out any personal stuff and clean up my mailbox before the letter ever gets put in. You never know if you'll be given the opportunity to do that once your notice is in. If there's anything that needs to be saved, it's a good idea to keep a rolling backup of it now on everyone. That way, when someone turns in their notice (whether everything is above board or not), you have everything you need and you're not scrambling to catch it before the employee deletes it.
He's leaving willingly. Why be an asshole? It's not like he's being fired.
See my other post "Don't be an asshole". If someone wanted to wreck the house, they'd do it without a resignation letter.
This is a wonderful why to treat someone you've likely worked with for years, and would put in a good word for you should you be looking for a job in the future.
Seriously? He's resigning willingly. He's not being fired. Don't be an asshole.
Well, it may be poorly worded, but I have seen several places which have the blanket policy of not keeping people around for their last two weeks.
They're not quite so confrontational about it, at least not directly ... but the assumption is "you've resigned, we no longer care or trust you".
Some employers treat giving your notice as your last day, even if that means they pay you for that time and don't see you.
Lost at C:>. Found at C.
You don't change access unless management says so in writing. If you take any action without instruction and screw up (forget to remove access or remove too much) YOU are now in the hotseat.
If there are concerns, the company should revoke access immediately and pays out the notice period.
If there aren't any concerns, why the extra scrutiny now? Any data theft or time bombs have already happened.
Take him out for a beer/whatever and wish him well. Maybe you'll need the contact in the future.
Google Apps gives you the option of moving the files to another user upon deletion.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
It isn't like he is going to be productive anyway. Lot's of companies do this, nothing personal. Have a nice little staycation on us.
I am very small, utmostly microscopic.
Removing access immediately is important for 2 reasons. The first is obviously security. Then 2nd is figuring out what he does & making sure somebody else has that access & knowledge.
If he's still in the office & gets a call or something to fix an issue it will have to get bounced to somebody else. You'll have him available to do knowledge transfer on what he use to have access to do. If he's not in the office, but still getting paid he's still available for knowledge transfer. If he's past his 2 weeks notice, he has 0 obligation to assist you guys or provide any knowledge & training to his former employers.
Whenever I give notice I expect to loose my administrative access pretty much immediately. I've already backed up anything personal. I feel no disrespect when it happens. Seriously? Boho, you are giving me 2 weeks of paid vacation time, cry me a river. It's slightly annoying if I'm still around for those 2 weeks with no privileges to do anything, but I know exactly why they have been removed. Being ostracized is one thing (and not really kosher), but merely having admin credentials revoked should be expected.
As far as a security issue goes, any competent disgruntled sysadmin has already done the done the damage or set the logic bomb before they have given their notice. Still, better safe than sorry.
If that's the case, don't be a dick about it. Instead of "Go work from home for the two weeks because we're afraid you're going to fuck us over." Say, "Enjoy the next two weeks of paid vacation on us as a parting gift. Best of luck on your career."
Both accomplish the exact same thing, but one of them doesn't create dicks out of good employees. I mean what's the chance he's going to be productive those two weeks anyway?
When I read the subject line, I assumed the definition of resignation to be:
'the acceptance of something undesirable but inevitable.'
This describes the attitude many users have toward the IT department.
Have gnu, will travel.
Yeah just like commercial jet pilots
Pretty much any company that has to let somebody go (especially if that someone has access to critical files: source code, legal docs, etc)...there is always the "what we do to protect ourselves in case this guys goes nuts and destroys company property?"
First, only a very dumb person would attempt anything like that since that could have criminal implications. There are files that are worth thousands or millions (or whatever the company says). If our guy found a job somewhere else, he has a vested interest in leaving in the best terms...there is no gain in settling scores with the old-to-be employer at the last minute.
Second, and this is the most important factor, the discussion about mitigating the risk is interesting since it was the person who's leaving who actually put in his notice! This means, he's leaving in his term, and in the exact time frame his chose. This means, he could've cause all the damage he wanted _before_ resigning, not after all eyes (including the OP's) are on him!!! Of course nothing guaranties the guy wouldn't go nuts and do something stupid in the last minute (see German pilot in the new currently). We just have to keep our fears in check and make sure all parties are respected and be civil about the whole thing. As previous posters mentioned, there should always be a rigorous back-up policy in place so anything that gets deleted by ANYONE can be recovered fully and no interruption occurs in production. It shouldn't matter if a user put in a notice or not. This is why some large companies just don't give access to the C drive for their users...My Documents is on a mapped drive that gets backed up.
Gardening leave is usually about having time for someone else to be forced to look at their work and ask questions while they're still around on payroll.
I understand what you're saying, and generally I agree.
But as often as not it is HR who is the ones enforcing the policy of "get him out the door now".
But many many places treat departing employees as liabilities to be removed as quickly as possible.
It can most certainly be the case that HR is the ones who are treating you like a pariah, and acting like dicks. So, good luck with changing that.
Lost at C:>. Found at C.
And it's a terrible way to go about things.
Treating exiting employees like criminals when there's no established reason to doesn't improve workplace security - it just means that the person outside your company with the most current stories about how you operate has a story about how you treated them badly.
You should absolutely be able to revoke people's powers, etc, but that's an "after they've left" step. Any damage you think you're preventing, they've already had the opportunity to do.
companies in the US no longer DESEVE 2 weeks notice. the rules are no longer valid; they won't give YOU notice. don't give them any courtesy they won't give you.
there is no loyalty anymore, so why play old games that are no longer valid?
you are a cog. you are just a worker.
just leave on the say you give notice. business is business, tell them you need to do what's best for you and that means leaving today.
they won't give you the same respect they 'expect' from you, so don't give it to them (anymore).
sad that its like this, but IT IS. only newbies and fools have loyalty to companies, now.
--
"It is now safe to switch off your computer."
. ... etc., etc.).
For example. Be transparent with any equipment lists that document what equipment are in the employee's possession. Share the list at least yearly with the employee so there are no surprises (and the resulting badness) if an employee leaves. There is little else that generates ill feelings than an out of date equipment list for an employee (what do you mean I have to turn in that laptop? I turned it in two years ago. What!?!?! You want me to pay for it?
Provide a great work environment so employees don't want to leave.
Look at what you think concerns you when an employee leaves, and then think about what you should do while the person is an active employee to prevent your concerns from occurring.
Don't solve the problem after it occurs, prevent it from occurring.
You have data backups & resiliency in place as a matter of policy, right?
What's policy (probably HR's responsibility) for this scenario? That's what you do: follow policy, nothing more, nothing less. If there's no policy or procedure, then you do exactly that: nothing.
Don't improvise. This is an HR issue. You have NO idea what legal or other policy minefields you're stepping into. There are only downsides for you.
If management trusts the person, and he is leaving on good terms, then you don't need to do anything unless directed to do so.
You could make sure you have plenty of backups. But you should already have them.
I'll see your senator, and I'll raise you two judges.
Why are you suddenly panicking and treating him like an asshole now he has anounced his resignation?
If he had ever had the intention to Do Bad Things(tm) why don't you think he also had the smarts to plan ahead and do it the day before he quit?
And also.. backing up his email in case he deletes his inbox/sentbox? Are you serious? Why don't you require that this should be deleted when he leaves? Most people do that on leaving just for their own personal security purposes. In fact many compnaies specifically require existing employees to explicitly not keep emails beyond some period. His email may well legitimately include personal stuff such as from HR that he should reasonably expect to be kept private, i.e not archived potentially permanently for perusal by IT staff anytime later.
This is the way it's done in large enterprises where they have done risk assessments and looked at their own history of related problems.
Maybe it is their history of treating their employees like numbers that has caused the related problems in the past.
Yeah right. If you were giving notice and you were planning on stealing or sabotaging, would you have not done it already?
I was once laid off. After I was told, I went back to my desk, had some coffee, checked in the code I was working on.
Once I was illegally fired, the company's network had some back doors (not put in by me). If I wanted, I could have wiped every machine in the company, or encrypted the entire hard drive, left them running until all the backups were corrupted, then take them down.
It all depends on the person you hire. If you hire someone who is technically good, if they want they will find a way to burn you. It all depends on the moral fiber of the person.
Fight Spammers!
I always think that if a company treats people that way, the company or its management probably did something very bad and are afraid of the consequences. Because a company that treats its co-workers like normal people shouldn't have to act that way. Unless even basic security measures aren't in place. Both are reasons to leave for greener pastures while you can.
Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
People start and leave jobs for a variety of reasons. Maybe their spouse got a giant promotion but had to move. Maybe their parents are ailing and they are moving closer to take care of them. Maybe they just want to do something new, or change careers. There's a multitude of perfectly rational and otherwise sane reasons people change jobs.
Why are you even considering treating them like an asshole? If they have given their notice, they should be finishing things up. If there's a project they are working on that will not be completed, they should be working with who is going to take it over to transfer the knowledge. They should likely document anything they did that wasn't documented. So on and so forth. Maybe you go out of a good bye lunch or get a cake to wish them well in their new endeavor. But why treat them like an asshole? Who knows, maybe your firm will start going the wrong way and they will get you on at the new place.
Once they are gone, then you should have a procedure to deactivate the account, delete files, shut off email, have inbound mail forwarded to their old manager, etc.
If you DO think they are going to do stupid things, then they should have been fired a long time ago. But if they are just leaving with proper notice, you likely don't need to do anything special.
Last time I gave notice and worked 'til the last day people plain forgot that I was leaving.
If you trust him, work through his last days as usual, just switch him to hand-over tasks instead of new work.
If you don't trust him, walk him out now and revoke all access.
Comments like this leaving me wondering why anyone should bother giving two weeks notice. Just tell the company at the end of the day, "I'm leaving and not coming back."
I've been around the block a few times, and I have many times seen the situation where someone leaves a position and later comes back to work for the same employer. For better or for worse, not giving your 2 weeks is considered "burning the bridge".
Besides, what do you lose by giving 2 weeks? Worst that happens is you get 2 weeks' pay for doing no work.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
This. Last place I worked, I gave about 3 weeks notice (I said "x day is my last day" essentially) and emphasized in my resignation letter my full intent to continue to be as effective/useful to the company as I could for the full duration of my notice.
A higher-up drove 45 minutes from the head office to greet me on the last day of my notice to thank me personally and shake my hand because HE HAD NEVER SEEN ANYONE ACTUALLY DO THIS BEFORE.
EVERY SINGLE one of my coworkers saw this, mind you. I guarantee it made an impression, because they all couldn't stop talking about it the rest of the day.
When an employee resigns on non-hostile terms, don't treat them badly, instead show them how much you value them. It sets a great example for the remaining employees, and boosts morale across the board.
Shame that job paid so badly, I really liked the people there...
That is not at all what the person stated. If the company gives you a car for sales calls and you get busted getting a prostitute (again?) after hours the company has the right to know. Further they can be held liable for all kinds of nice damages since you used their car to get the prostitute. Impound fees you may no longer be able to afford, STD tests because the prostitute accused you of being dirty, pregnancy test for the prostitute, HIV testing if you got saliva on a cop, etc...
Some people have this notion somehow that digital devices are different somehow, but in reality they are not. Your computer and network is yours. A company can't go through your stuff as they wish, and you as an employee can do what ever you want on your computer and network. Using a Company network gives the company the right to snoop the traffic and see what you are doing. Using a Company device gives them the ability to know what you do on that device (PC, Tablet, Phone, etc..). Liability is an essential concept here.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
I worked for a company like that for a while; complete and utter bastards to work for. What that sort of behaviour towards their employees got them was a complete lack of any loyalty whatsoever. Since they were also a bunch of idiots who never planned anything, and always bodged things to run until the next last minute bodge, then however motivated a saboteur might have been, it would have been rather difficult to think up any action which would show up against the background level of incompetence, malevolence and managerial stupidity.
Most people simply got out of the door quickly, and took care never to work for them ever again, figuring that the company would come to an eventual bad end. It did, as things turned out, and the UK law would still like to have a long, comfortable chat with the company directors in the unlikely event of them ever setting foot in the EU again.
My take on easter eggs and sabotage like this is simple: DON'T DO IT! You never know when you might need a reference or a job involving some of the people in that last job, and it helps to have maintained a professional aspect and outlook throughout whatever shenanigans led to your departure. People tend to appreciate that sort of thing, and it also gives you the moral (and legal) high ground subsequently. It also means that you're not forever after worrying about whether the law are after you for unspecified crimes, and if you're the worrying sort like myself, it helps not to give yourself anything much to worry about in future.
My first job out of college was a small manufacturing company with about 30 in the front office. A new CEO came on for "new direction" crap blah blah. Anyhow the VP of Sales quit. It was on good terms but he'd had enough of the new direction. Owner, president, HR, everyone liked the guy. I was notified first thing AM by HR & CEO, and I asked them if I needed to lock him out of systems and email. They both said "no no we're going to give him a few hours to clean up." He brought contacts, and he deleted them and all emails from outlook and wiped his company iPhone. I get back from lunch at 1:00 to the CEO screaming at me for letting him wipe the phone. I said, umm I asked you and you told me to give him a few hours, and his reply was obviously "you shouldn't have listened to me, your the expert!" Moral of the story - even if the higher ups say don't worry about it, worry about it (assuming you could be blamed).
This is actually a great way to test how an employee's absence will change things. Ask him (or her) to spend a day or two cleaning up their own stuff both physical and digital, then being "on call" the remaining time, checking his corporate e-mail once or twice a day. Have the remaining employees go ahead and start dividing up his work and see where things come to a screeching halt, and sending him questions via e-mail. This way, he's still on payroll if they realize that they need his help, and you can slowly remove his account's access to see if any process somehow got tied to it. Once he's formally gone, it will be a lot harder (and likely more expensive) to get his help.
Seems like a win-win-win to me. Sure, you can have him write up how-tos and manuals for stuff he thinks others will need to do that he once did, but trial by fire would be much better at identifying gaps while you still have a proverbial fire department sitting right outside.