As reported by multiple news outlets, an ex-IT contractor, who had been dismissed by the museum, broke in and shut down part of the museum’s security and IT system just before the weekend.
This resulted in the museum being unable to open some of its exhibitions over the tourist attraction’s busiest period. The former contractor was arrested for criminal damage.
Chris Garner, managing director of the consultancy Avensure told HR magazine that “HR has a vital role to play in ensuring that their organisation doesn’t befall the same fate as the British Museum.”
Read more: Beyond exit interviews: Three steps to productive offboarding
To avoid the same acrimonious, headline-making fallout, he said: “Businesses cannot afford to ignore the perils of failing to safely off-board employees.”
As part of this, Garner said that access to systems, client lists and so on must be revoked immediately upon the termination of employment, with any workplace electronic devices collected immediately.
He also added that policy helps: whether that be pay-in lieu notice periods to allow employers time to release workers so they don’t cause disruption during that time, or confidentiality agreements.
For Garner, it’s important to also maintain good relations, even if the split has been difficult.
He said: “Don’t give them a reason to bad-mouth their time with you – the reputation you’ve spent years curating can be damaged quickly by disgruntled ex-employees.”
Alastair Brown, chief technology officer at software firm BrightHR, added that it's critical to have processes and policies that cover security, data and systems, to ensure that no employee can cause similar chaos to the kind that the British Museum has experienced.
Speaking to HR magazine, he said: “Maintaining positive relationships with current and former employees is obviously beneficial... but it should not be relied upon as a security measure.
“Organisations should assume that any employee could potentially misuse internal company information and make sure that they have robust processes and protocols in place to protect themselves.”
Brown continued that while culture is important for the success of a business, it is not a substitute for such cybersecurity protocols, which should include strong password properties, restricting access to systems and data based on role, monitoring employee activity and offboarding procedures.
He added: “And clear offboarding procedures should ensure that all access is revoked as soon as an employee leaves.”
Read more: Exit interview insights are going to waste
This is, he explained, especially critical for those with access to critical IT or data systems.
“Using centralised password management systems, and updating passwords promptly when employees exit is another best practice. Implementing password expiration policies is also a good preventative measure,” he said.
“Additionally, employers should use systems that monitor login attempts and flag unusual access patterns, enabling them to detect and respond to suspicious activity.”