Google Workspace

Avoid data loss with proper user offboarding

Revolgy
Revolgy
May 31, 2023

Offboarding in an organization is not merely saying goodbye to a departing team member, it’s a crucial process that demands careful execution. A comprehensive offboarding plan can ensure data security, prevent unauthorized access, and preserve necessary information. Let’s explore a more secure approach to user offboarding within Google Workspace.

Preparing for offboarding: preserve and migrate data

Start your offboarding process by preserving and migrating data. Google Workspace equips you with several tools:

  • Google Takeout: Google Takeout is a handy tool that lets you download your data for offline storage or transfer it to a different service.
  • Google Drive: Transfer the ownership of documents to another account; ideally, use Shared Drives to ensure the company owns the data, not individual accounts.
  • Gmail labels and emails: These can be saved for future reference or transferred to another user.
  • Calendar events: Transfer the ownership of events to avoid scheduling disruptions.
  • MDM: Mobile Device Management (MDM) secures corporate data on employees’ devices. During offboarding, it is necessary to revoke the exiting employee’s access to company information on their device. This can involve wiping company data from the device, removing it from the company’s MDM system, or even doing a full wipe if it’s a company-owned device.
  • Access to third-party apps: When an employee leaves a company, managing access to third-party applications is critical to ensure data security. This involves revoking access and transferring ownership to another employee.

Remember, you’ve got a strict 20-day deadline post-deletion to migrate your data!

Communicating the change

Ensure the departing employee’s team and any clients or partners are informed of their departure. Provide them with an alternative point of contact within the organization to ensure a seamless transition.

Managing emails and potential data loss

An employee’s departure could mean potential email loss. To prevent this:

  • Implement a catch-all rule to capture emails directed to the former employee. The so-called wild-card email functions as a safety net to ensure no emails get lost just because they were sent to a non-existent or misspelled email address at your domain.
  • Assign an email alias to a new user who will take over the outgoing user’s duties.

 

Mitigating security risks

Before you proceed to the next stage, confirm all company property and access devices are returned. Also, ensure the employee no longer has physical access to your offices. If they use their personal devices for work, guide them through removing company data securely.

Archiving user licenses and deletion

Next, archive the user license. This readies the account for deletion while preserving the data. Once this is done, you can delete the user, safely knowing that you’ve secured all necessary information.

Potential offboarding problems and solutions

Offboarding can present several challenges:

  • Data theft: To prevent the outgoing user from downloading or sharing sensitive data, suspend their account or change their password immediately upon departure.
  • Orphaned files: If a folder owner’s account is deleted, other users might struggle to locate their files — these files are not lost but merely orphaned. Use the ‘is:unorganized owner:me’ search query to find these orphaned files.
  • Rogue employee: If an employee leaves under less-than-ideal circumstances, immediate password change or account suspension is necessary to safeguard your systems.

Revolgy offers comprehensive Google Workspace security audits to help you identify and mitigate risks during user offboarding and maintain robust data protection.

In conclusion, a strategic and thorough approach to user offboarding can enhance your data security while ensuring a smooth transition. These steps and best practices within Google Workspace can help safeguard your valuable data, a priceless asset in today’s digital world.

Are you planning to migrate to Google Workspace? Contact us for a free consultation, and we’ll find the best solution for your business.

 

FAQs

Q1: Why is a comprehensive offboarding plan important for organizations using Google Workspace?

A well-executed offboarding plan is crucial for ensuring data security, preventing unauthorized access to company information, and preserving necessary data when an employee leaves.

Q2: What is the recommended first step in the Google Workspace user offboarding process?

The process should begin with preserving and migrating the departing user’s data.

Q3: What tools within Google Workspace can assist with data preservation and migration?

Tools mentioned include Google Takeout for downloading data, Google Drive for transferring document ownership (preferably using Shared Drives), saving or transferring Gmail labels and emails, transferring Calendar event ownership, managing Mobile Device Management (MDM), and handling access to third-party apps.

Q4: What actions related to Mobile Device Management (MDM) are necessary during offboarding?

Access to company information on the departing employee’s devices must be revoked. This could involve wiping company data from the device, removing the device from the MDM system, or performing a full device wipe if it is company-owned.

Q5: How should access to third-party apps integrated with Google Workspace be managed?

The departing employee’s access must be revoked, and ownership of any relevant data or accounts within those apps should be transferred to another employee.

Q6: Is there a time constraint for migrating user data after their account has been deleted?

Yes, the text states there is a strict 20-day deadline after account deletion to migrate the user’s data.

Q7: What communication actions are essential during the offboarding process?

It’s important to inform the departing employee’s team, as well as any relevant clients or partners, about their departure and provide an alternative point of contact within the organization.

Q8: How can organizations prevent the loss of emails sent to a former employee’s address?

Two methods suggested are implementing a catch-all rule (wild-card email) to capture emails sent to misspelled or non-existent addresses at the domain, and assigning the former employee’s address as an email alias to the user taking over their responsibilities.

Q9: What security measures should be taken before archiving or deleting the user’s account?

Confirm the return of all company property and access devices, ensure the employee no longer has physical access to offices, and guide the employee in securely removing company data if they used personal devices for work.

Q10: What step should be performed immediately before deleting a user’s Google Workspace account?

The user license should be archived first. This action preserves the user’s data while preparing the account for deletion.
Revolgy

Revolgy

We make the cloud work for you. Fast-track to success with flexible on-demand cloud services. We bring you cloud technologies adapted to your needs, with rapid time-to-value and innovative solutions.

Related posts

rawpixel-552396-unsplash (1)
Is G Suite GDPR compliant?

The question is: Does GDPR require you to have your data stored exclusively on premises within the...

Read more
liam-tucker-491202-unsplash (1)
Who is the real owner of your company's documents?

All data created by users of your G Suite are an exclusive property of your company (see G Suite...

Read more