Take immediate action steps to disconnect systems and protect critical data with our System Privileges for Terminated Employees Checklist. Its main objective is to safeguard mission-critical systems and data, aiming to resume business activities in the shortest time possible, ideally within a few hours, to minimize disruption. The document provides a detailed checklist of actions, each with its rationale and priority level, that need to be taken immediately after the termination of such an employee.

These actions include disconnecting the system admin workstation, securing trusted backups, rotating system passwords and IDs, installing monitoring software, and conducting perimeter checks for rogue access devices. Additionally, it advises on strategies to deal with potential threats like logic bombs, backdoors, Trojan horse programs and other forms of "revenge-ware". This document is a crucial resource for businesses to maintain their system integrity and security during employee transitions.

Additional actions include:

• Rotate voicemail passcodes.
• Commence the monitoring of incoming and outgoing internet traffic, and consider installing an IDS sensor system.
• Consider quarantining all incoming emails.
• Consider disabling inbound or all internet services (physical disconnection) until perimeter and internal sweeps have been completed.