The Secure Employee Offboarding Checklist for Agencies
Onboarding is exciting. Offboarding is awkward. But if you do it wrong, it can be catastrophic.
Introduction
60% of ex-employees admit to keeping data after they leave.
Sometimes it's malicious. Usually, it's just negligence. "I forgot I was logged into the company Dropbox on my iPad."
You need a standardized process to ensure the door is truly locked.
The Risk of "Ghost Users"
A "Ghost User" is an account that remains active after the human is gone.
If that account has a weak password and gets hacked 6 months later, the hackers are inside your agency, and nobody is watching the account to notice.
The Offboarding Checklist
1. Communication
Remove from Slack first. This stops "Goodbye" messages that might cause drama.
2. Identity Provider
Suspend their Google Workspace / Microsoft 365 account. This often auto-locks connected apps.
3. Specific Apps
Manually remove from tools that don't support SSO (Notion, Figma, Stripe).
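To confirm the checklist actually closed every door, you can cross-check HR's list of departed staff against each tool's member export. The script below is an added example, not part of the original checklist; the CSV layouts, tool names and addresses are constructed assumptions, and real exports will need their own column mapping.

```python
import csv
import io

# Constructed sample data: HR's departed list and per-tool member exports.
DEPARTED_CSV = """email,last_day
sam@agency.example,2024-03-29
Lee@Agency.example,2024-05-10
"""

TOOL_EXPORTS = {
    "google_workspace": "email,status\nsam@agency.example,suspended\n"
                        "lee@agency.example,active\nkim@agency.example,active\n",
    # Assumed: this non-SSO tool's export has no status column at all.
    "notion": "email\nsam@agency.example\nkim@agency.example\n",
    "figma": "email,status\n LEE@agency.example ,active\n",
}

# Status values (assumed naming) that mean the account can no longer log in.
INACTIVE = {"suspended", "removed", "deactivated"}


def norm(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def find_ghost_users(departed_csv, tool_exports):
    """Return {email: [tools where a departed person's account is still live]}."""
    departed = {norm(r["email"]) for r in load_rows(departed_csv)}
    ghosts = {}
    for tool, text in sorted(tool_exports.items()):
        for row in load_rows(text):
            email = norm(row["email"])
            # A missing status is treated as active, so the audit fails closed.
            status = (row.get("status") or "active").strip().lower()
            if email in departed and status not in INACTIVE:
                ghosts.setdefault(email, []).append(tool)
    return ghosts


if __name__ == "__main__":
    for email, tools in sorted(find_ghost_users(DEPARTED_CSV, TOOL_EXPORTS).items()):
        print(f"GHOST USER: {email} still active in {', '.join(tools)}")
```

Run it after every departure and again on a schedule, since an account that was missed once stays missed until someone looks.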
Notion Specifics
Notion makes this tricky.
If you just "Remove Member," any pages they created in their Private folder that they shared with others will disappear.
The Right Way:
- Log in as an Admin.
- Transfer their private content to an Admin account (Enterprise feature).
- Or, ask them to move critical private pages to the Teamspace before their last day.
- Then, remove them from the Workspace.
Password Rotation
Did they know the shared password for the company Instagram?
If you share passwords (bad idea), you MUST rotate them every time someone leaves.
Use a tool like 1Password to share credentials securely without revealing the actual password string.
Conclusion
Security is not about trust. You can trust your employee and still follow protocol. Protocol protects them from false accusations as much as it protects you.
Secure Access Control
FilterGate handles authentication for you. Revoke client access with one click, without touching your Notion permissions.