We came across this article this morning. Unfortunately, this is the Norm and NOT just a one off. We run across this frequently. https://fox8.com/2019/08/31/it-worker-accused-of-shutting-down-company-website-blocking-email-after-learning-of-termination/
Whether it be changing from an “in-house” IT department to Outsourced IT services or vice versa, This sort of thing is happening daily. This article just happens to hit many who will read it literally “close to home”.
Your IT information is yours and you should have it. You should have all passwords and login credentials for your company’s data including websites, CRM, software, servers, every laptop and desktop.
Here is some “low hanging fruit” to help protect yourself and your company from this in the future.
I KNOW you don’t want this information, but you need it.
ADMIN rights should be in duplicate and verified in case of emergency. Think of your checking account, you have two signatures on it in case your spouse becomes unavailable. Same idea here!
Redundancy is key, IF your IT person gets hit by a beer truck tomorrow who has the keys to the kingdom? Small and large companies alike are using outsource IT services because you have multiple users who can work on your system with hesitation. No one failure point.
Freedom – Having your credentials allows you the freedom of NOT being tethered to one single provider or in the article’s case a disgruntled employee. Asking your IT service provider for your credentials after you work with them sends them a signal you are looking for other venders. Whether you are looking or not. If you get this info in the beginning and maintain it thought out your contract you can explore options at any point.
Protocols – Do you have protocols in place for your hiring and termination of employees and the company’s data? Most have a HR handbook that covers fighting and drug use, but is your handbook up to date on data protection?
Lastly, Ohio has new cyber legislation on the books now. CIS controls is also a great place to look for best practices.