Employee IT onboarding and offboarding are critical security processes that, when done poorly, expose North Carolina businesses to data theft, unauthorized access, and compliance violations. Research shows that 83% of former employees retain access to company accounts after departure, and 70% of intellectual property theft occurs within 90 days before an employee's resignation.
Key takeaway: According to Beyond Identity research, 89% of employees retain access to sensitive corporate applications after leaving, while a Ponemon Institute study found that over 50% of former employees admit to taking information from a previous employer. Proper IT onboarding and offboarding procedures are not optional; they are essential security controls.
Need help securing your employee transitions? Preferred Data Corporation provides managed IT services and cybersecurity for North Carolina businesses, including automated provisioning and deprovisioning. BBB A+ rated with 37+ years of experience. Call (336) 886-3282 or schedule your consultation.
The Security Risks of Poor Offboarding
For Piedmont Triad manufacturers, Charlotte professional services firms, and Greensboro businesses of all sizes, improper employee departures create immediate security vulnerabilities.
By the Numbers
The statistics paint a concerning picture for NC business owners:
- 83% of former employees continued accessing accounts at previous employers after leaving
- 63% of businesses may have former employees with access to organizational data
- 70% of IT decision-makers say deprovisioning a single employee takes up to an hour
- 88% of IT workers stated they would take sensitive data with them if fired
- Nearly one-third of employers have suffered website hacks due to ineffective offboarding
Real-World Consequences
Poor offboarding has led to significant incidents:
- A terminated employee at a medical center retained remote access to patient records, resulting in a $111,400 HIPAA fine
- Former Tesla employees leaked data of 75,000 users to media outlets
- A mobile payments company employee downloaded personal information of 8 million users after departure
For North Carolina businesses subject to NC data breach notification law (GS 75-65), any unauthorized data access by former employees could trigger notification obligations and regulatory scrutiny.
Complete IT Onboarding Checklist
Secure onboarding establishes proper access from day one, reducing security risks throughout the employee lifecycle.
Pre-Arrival Preparation (1-3 Days Before Start)
Hardware and Equipment:
- [ ] Provision laptop/workstation with approved OS image
- [ ] Configure and encrypt device (BitLocker or FileVault)
- [ ] Register device in Mobile Device Management (MDM) system
- [ ] Assign monitors, keyboard, mouse, and peripherals
- [ ] Provision company phone if required
- [ ] Prepare building access card or key fob
- [ ] Set up desk, docking station, and network connections
Account Creation:
- [ ] Create Active Directory or Microsoft Entra ID account
- [ ] Assign to appropriate security groups based on role
- [ ] Create email account with proper distribution list memberships
- [ ] Provision Microsoft 365 or Google Workspace license
- [ ] Set up VPN access if remote work is expected
- [ ] Create accounts in line-of-business applications (ERP, CRM, etc.)
- [ ] Configure voicemail and phone system
Security Configuration:
- [ ] Enforce MFA (multi-factor authentication) enrollment
- [ ] Apply conditional access policies based on role and location
- [ ] Set password requirements and expiration policies
- [ ] Configure data loss prevention (DLP) rules
- [ ] Apply email security policies (anti-phishing, attachment scanning)
- [ ] Restrict USB device access per policy
Day One Activities
Account Verification:
- [ ] Verify employee can access all required systems
- [ ] Confirm MFA is properly enrolled and functioning
- [ ] Test VPN connectivity if applicable
- [ ] Verify printing and network share access
- [ ] Confirm phone system and voicemail functionality
Security Training:
- [ ] Conduct security awareness orientation
- [ ] Review acceptable use policy with signature
- [ ] Explain phishing reporting procedures
- [ ] Demonstrate password manager usage
- [ ] Review data handling and classification policies
- [ ] Document completion in training records
Documentation:
- [ ] Record all assigned equipment with serial numbers
- [ ] Document all provisioned accounts and access levels
- [ ] Obtain signed acceptable use policy
- [ ] Capture emergency contact information
- [ ] File acknowledgment of security responsibilities
First Week Follow-Up
- [ ] Verify all application access is working correctly
- [ ] Send baseline phishing simulation (after training)
- [ ] Confirm department-specific tool access
- [ ] Address any access requests or gaps
- [ ] Schedule 30-day security check-in
Need automated provisioning for your growing NC team? PDC's managed IT services include streamlined onboarding processes that provision new employees in hours, not days. Call (336) 886-3282 or visit pdcsoftware.com/contact.
Complete IT Offboarding Checklist
Proper offboarding must happen quickly and comprehensively. For High Point, Winston-Salem, and Raleigh businesses, this process should begin the moment a departure is confirmed.
Immediate Actions (Within 1 Hour of Departure)
Account Deactivation (Priority 1):
- [ ] Disable Active Directory/Entra ID account (do NOT delete immediately)
- [ ] Revoke all active sessions and tokens
- [ ] Disable VPN access
- [ ] Remove from conditional access policies
- [ ] Block mobile device access through MDM
- [ ] Disable badge/key fob access to buildings
Email and Communications:
- [ ] Convert mailbox to shared or set auto-forward to manager
- [ ] Remove from all distribution lists
- [ ] Disable ability to send as the organization
- [ ] Set out-of-office with appropriate redirect message
- [ ] Revoke calendar sharing and delegated access
Cloud and SaaS Applications:
- [ ] Revoke access to Microsoft 365/Google Workspace
- [ ] Disable SSO (Single Sign-On), which cascades to connected apps
- [ ] Remove from Salesforce, HubSpot, or CRM platforms
- [ ] Revoke Slack, Teams, or collaboration tool access
- [ ] Remove from project management tools (Asana, Monday, Jira)
- [ ] Disable access to cloud storage (SharePoint, Dropbox, Google Drive)
- [ ] Remove from financial systems (QuickBooks, NetSuite)
Same-Day Actions
Device Recovery:
- [ ] Collect laptop, phone, and all company hardware
- [ ] Retrieve building keys, access cards, and badges
- [ ] Collect any company-owned peripherals (monitors, headsets)
- [ ] Initiate remote wipe on any BYOD devices with company data
- [ ] Verify device encryption status before reuse
Data Preservation:
- [ ] Archive departing employee's email per retention policy
- [ ] Preserve OneDrive/cloud storage data with proper ownership transfer
- [ ] Save any work product files to department shares
- [ ] Document any pending projects or knowledge transfer items
- [ ] Preserve relevant communications for legal hold if applicable
Within 24-48 Hours
Application-Specific Revocation:
- [ ] Remove from all third-party SaaS applications
- [ ] Revoke API keys and service account access
- [ ] Change shared passwords the employee had access to
- [ ] Remove from vendor portals and partner systems
- [ ] Revoke code repository access (GitHub, Azure DevOps)
- [ ] Remove from monitoring and alerting systems
Administrative Cleanup:
- [ ] Update organizational charts and directories
- [ ] Remove from company website, bios, and listings
- [ ] Redirect phone extension
- [ ] Update emergency contact lists
- [ ] Notify vendors and partners of contact changes
30-Day Review
- [ ] Audit access logs for any post-departure login attempts
- [ ] Verify all accounts are properly disabled
- [ ] Confirm no data was exfiltrated in final days
- [ ] Delete disabled accounts per retention policy
- [ ] Archive and securely wipe recovered devices
- [ ] Document lessons learned for process improvement
Special Considerations for NC Manufacturing
Piedmont Triad and Charlotte manufacturers face additional offboarding complexity due to operational technology access:
Shop Floor System Access
- [ ] Revoke SCADA/HMI operator credentials
- [ ] Change shared machine passwords the employee knew
- [ ] Remove PLC programming access
- [ ] Revoke MES (Manufacturing Execution System) login
- [ ] Disable quality system and SPC software access
- [ ] Remove from safety system authorization lists
Intellectual Property Protection
For manufacturers with proprietary processes or designs:
- [ ] Audit recent file downloads and USB transfers
- [ ] Review email for sent attachments in final 90 days
- [ ] Check cloud storage for bulk downloads
- [ ] Verify non-compete and NDA acknowledgments are on file
- [ ] Notify legal if suspicious data activity is detected
Building an Automated Provisioning System
Manual checklists work for small businesses, but Greensboro, Raleigh, and Charlotte companies with frequent hiring need automation.
Identity Lifecycle Management
Modern identity platforms automate provisioning and deprovisioning:
- Microsoft Entra ID (formerly Azure AD): Automated lifecycle workflows, access reviews, and entitlement management
- JumpCloud: Cloud directory with automated user provisioning across SaaS apps
- Okta: Identity governance with automated onboarding/offboarding workflows
Integration with HR Systems
Connect identity management to HR platforms for trigger-based automation:
- Employee hired in HRIS triggers automatic account creation
- Role changes trigger access modifications
- Termination date triggers automatic deprovisioning
- Contractor end dates trigger scheduled access revocation
Role-Based Access Templates
Define standard access packages by role:
- Office worker: Email, Office 365, intranet, department share
- Production operator: MES, quality system, time tracking, shop floor terminals
- Engineer: CAD, PLM, ERP, engineering shares, lab systems
- Manager: All team access plus reporting, HR tools, budget systems
- Executive: Full access plus financial systems, board materials, strategic tools
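The HR-triggered changes and role templates above can be expressed as a small planner. This is an added example, not code from PDC or from any identity platform; the event fields, entitlement labels, and the `plan_access` function are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Templates follow the role list above; entitlement labels are illustrative.
# Manager and Executive are omitted because "all team access" depends on the team.
ROLE_TEMPLATES = {
    "office_worker": {"email", "office365", "intranet", "department_share"},
    "production_operator": {"mes", "quality_system", "time_tracking",
                            "shop_floor_terminals"},
    "engineer": {"cad", "plm", "erp", "engineering_shares", "lab_systems"},
}

@dataclass
class Plan:
    grant: set = field(default_factory=set)
    revoke: set = field(default_factory=set)
    disable_account: bool = False

def plan_access(event, current):
    """Map one HR event to grant/revoke actions, given access currently held."""
    kind = event["type"]
    if kind in ("termination", "contract_end"):
        # Revoke what the user actually holds, not what the template lists,
        # so access granted outside the template is not left behind.
        return Plan(revoke=set(current), disable_account=True)
    if kind in ("hire", "role_change"):
        target = ROLE_TEMPLATES[event["role"]]
        # A role change also removes what the new role does not include.
        return Plan(grant=target - current, revoke=current - target)
    raise ValueError(f"unhandled HR event type: {kind!r}")

if __name__ == "__main__":
    # Constructed events: an operator with one ad hoc grant moves to
    # engineering, then leaves the company.
    held = ROLE_TEMPLATES["production_operator"] | {"vendor_portal"}
    move = plan_access({"type": "role_change", "role": "engineer"}, held)
    print("grant:", sorted(move.grant), "revoke:", sorted(move.revoke))
    held = (held | move.grant) - move.revoke
    leave = plan_access({"type": "termination"}, held)
    print("revoke:", sorted(leave.revoke), "disable:", leave.disable_account)
```

The role-change case is the one manual processes tend to miss: the ad hoc `vendor_portal` grant is revoked because it is not in the new role's template.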
Measuring Offboarding Effectiveness
Track these metrics to ensure your process works:
- Time to deactivate: Hours from departure notification to complete access revocation
- Account discovery rate: Percentage of accounts identified during offboarding vs. discovered later
- Device recovery rate: Percentage of company equipment successfully recovered
- Post-departure access attempts: Number of login attempts from disabled accounts
- Compliance audit findings: Access control gaps identified during audits
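The first, second, and fourth metrics above, together with the 30-day review step of auditing logs for post-departure logins, can be computed from an offboarding record and a sign-in log. This is an added example, not code from the original article; the record fields, the log line format, and all sample data are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; the record fields and log line format are assumptions.
OFFBOARDED = {
    "jdoe": {"notified": "2024-03-01T09:00", "revoked": "2024-03-01T09:45",
             "accounts_at_offboarding": 9, "accounts_found_later": 1},
    "asmith": {"notified": "2024-03-04T16:00", "revoked": "2024-03-05T10:00",
               "accounts_at_offboarding": 6, "accounts_found_later": 2},
}
SIGNIN_LOG = """\
2024-03-01T08:10 jdoe vpn success
2024-03-01T21:30 jdoe mail failure
2024-03-02T07:05 jdoe crm success
2024-03-04T18:20 asmith vpn success
2024-03-06T11:00 asmith mail failure
"""

def _ts(text):
    return datetime.fromisoformat(text)

def hours_to_deactivate(rec):
    """Time to deactivate: notification to complete revocation, in hours."""
    return (_ts(rec["revoked"]) - _ts(rec["notified"])).total_seconds() / 3600

def discovery_rate(rec):
    """Share of accounts identified during offboarding rather than later."""
    found, late = rec["accounts_at_offboarding"], rec["accounts_found_later"]
    return found / (found + late) if found + late else 1.0

def classify_signins(log, offboarded):
    """Label every sign-in by a departed user that occurs after notification."""
    findings = []
    for line in log.splitlines():
        when, user, app, result = line.split()
        rec = offboarded.get(user)
        if rec is None or _ts(when) <= _ts(rec["notified"]):
            continue  # not a departed user, or normal pre-departure activity
        if _ts(when) <= _ts(rec["revoked"]):
            label = "revocation_gap"   # access still live while offboarding ran
        elif result == "success":
            label = "missed_account"   # login worked after "complete" revocation
        else:
            label = "blocked_attempt"  # disabled account refused the login
        findings.append((user, app, when, label))
    return findings

if __name__ == "__main__":
    for user, rec in OFFBOARDED.items():
        print(user, f"{hours_to_deactivate(rec):.2f}h", f"{discovery_rate(rec):.0%}")
    for finding in classify_signins(SIGNIN_LOG, OFFBOARDED):
        print(*finding)
```

A `missed_account` finding means an application was not covered by the checklist and should be added to the account inventory; a `revocation_gap` finding measures exposure during a slow deactivation.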
Why NC Businesses Choose PDC for Employee Lifecycle Security
Preferred Data Corporation has managed employee IT transitions for North Carolina businesses since 1987, providing managed IT services, cybersecurity, and cloud solutions from our High Point headquarters.
PDC's employee lifecycle management includes:
- Automated provisioning creating accounts across all systems from a single request
- Same-day offboarding with comprehensive access revocation procedures
- Identity governance ensuring appropriate access levels throughout employment
- Security monitoring detecting anomalous access patterns
- Compliance documentation satisfying audit requirements
- On-site support within 200 miles of High Point for physical device management
- BBB A+ rated with 20+ year average client retention
Ready to secure your employee transitions? Contact Preferred Data Corporation for a free security assessment of your onboarding and offboarding processes. Call (336) 886-3282 or visit pdcsoftware.com/contact.
Frequently Asked Questions
How quickly should employee access be revoked after termination?
Critical access (email, VPN, network login, building access) should be revoked within one hour of departure. Cloud and SaaS application access should be removed the same day. All remaining accounts and access should be addressed within 24-48 hours. For involuntary terminations, access should be disabled simultaneously with the termination conversation.
Should we delete or disable employee accounts when they leave?
Disable accounts immediately but do not delete them right away. Disabled accounts preserve audit trails, email archives, and file ownership while preventing access. Follow your data retention policy for deletion timing, typically 30-90 days after departure. Some industries require longer retention for compliance.
What is the biggest security risk during employee offboarding?
The largest risk is undetected data exfiltration in the days or weeks before departure. Research shows that 70% of intellectual property theft occurs within 90 days before resignation. Implement DLP (Data Loss Prevention) monitoring and review file access patterns for employees who have given notice.
How do we handle shared passwords when an employee leaves?
Any shared credentials the departing employee had access to must be changed immediately upon departure. This includes shared admin accounts, vendor portal logins, social media accounts, Wi-Fi passwords for restricted networks, and any service accounts. Implement a password manager to track shared credential access and simplify rotation.
Do we need different offboarding procedures for remote workers?
Remote offboarding requires the same access revocation steps plus additional device recovery logistics. Use MDM (Mobile Device Management) to remotely wipe company data from devices, arrange shipping for equipment return, and verify device receipt. Consider disabling accounts before notifying the remote employee if the termination is involuntary, since you cannot physically recover devices simultaneously.