When employees leave your company, thoroughly revoking their access to internal systems and data is an absolute must. As one global SaaS provider puts it: “An ex-employee with bad intentions can intentionally wreak havoc on your business, while an ex-employee with good intentions can do so by accident.” Intent aside, the potential for irrevocable damage from any departing staff member is real, so offboarding, following an established and proven process to the T, should receive the utmost attention.

“Using the same procedure with everyone reduces the risk of accidental or deliberate data theft and eliminates as many points of vulnerability as possible,” says the Identity Management Institute, which also recommends strictly following a checklist. Best practices like these and others can help you reduce your risks.

1) Collect Company-Owned Devices. Phones, laptops, and data-transfer-and-storage devices not only contain sensitive information, they also represent a capital investment, which must be protected.

2) Terminate Network Access. Completely eliminate the user’s unique identity and don’t reuse the account for their replacement. Include any third-party cloud-based programs they may be using.

3) Wipe Personal Devices. BYOD policies are widespread. So be sure to remove company-owned data, programs and passwords from employees’ devices when they leave. If wiping remotely, be certain only to remove corporately owned assets, as accidentally deleting personal information may invoke a lawsuit you’ll almost certainly lose.