> I wouldn't ... lock their accounts unless you think that they are going to cause problems.
I'm not sure exactly what accounts you have in mind, but general I would lock them all, no matter what. You may trust them to not retaliate, but do you trust them to have chosen a password that they didn't use anywhere else and didn't get keylogged and didn't give to phishers, and that their account will not be compromised in any other way?
Maybe email is tricky, since they could potentially have some personal stuff they want to retrieve. Perhaps the helpdesk can assist them in that case; or give them 5 days or so where they can still access email.
(If it matters, I have zero experience in this, just an interest in security.)
Edit: I now see you probably meant just giving something like the rest of the day on the lock, if you trust them.
I'm pretty sure he wasn't saying to leave them unlocked indefinitely. Some companies lock accounts as soon as they lay people off (or even before), because they're paranoid that someone will grab trade secrets or sabotage something. Treating people this was is really insulting. It's generally reasonable to let people retain access for a short period of time (i.e. the rest of the day) so they can do things like send goodbye emails to the team, grab the e-tickets (or whatever) that they had sent to their work address instead of their personal address. No one should expect their accounts to remain unlocked for long, but long enough to close out any open threads and say goodbye is just being respectful.
Ever been in a roomful of people waiting for a suddenly-called all hands meeting, and seeing a whole bunch of people with their phones out wondering why their email isn't checking, then seeing their wifi credentials stop working, then the lightbulb going off in their heads?
I would say that in this case... the personal stuff should have stayed off of the work email.
I'd rather leave a company knowing that my accounts were locked, than not. If it's locked, I have more confidence that I wouldn't be accused of doing something seedy when packing up.
Shoulda woulda coulda. Yes, people shouldn't send things to work, but they do. All the time. Especially so if the event happens after work, for example. Or maybe it's part of an overarching todo list you store in Exchange. Or maybe you have a few documents in OneNote which are personal but you hadn't had time to send them to yourself. It happens quite frequently. The implication is also that the account will get locked, for example, at the end of the day, so they can wait until the end of the day and then see their account locked and leave.
I always find it interesting how paranoid people are about this, coming from a country (Norway) where you not only generally have the right to 3 months notice, but also have the right to continue working during your notice period (a result of seeing work as a right and requiring very compelling reasons to take your work away). There are exceptions, such as e.g. if you're fired for cause, but they are quite limited.
In reality, it causes few problems - people likely to do something malicious probably already did it behind your back anyway.
Yes, same thing in Germany. The relationship in the US between employee and employer seems very hostile from our point of view, full of fear, mistrust, and legal issues. But I guess it only seems that way, due to cultural differences?
I worked for a place that notified an entire team they were laid off by locking them out of exchange. When individuals couldn't login they talked to peers and figured out what had happened 2+ hours before HR started talking to them. That company was all class.
My current company just had layoffs and most people found out when HR left the firing lists sitting face up on top of the copier to go to the restroom. I survived and I'm still trying to figure out if I want to bail too. I was pretty upset that as recently as 3 weeks ago we were asked to help recruit friends for a senior java architect position, and one of the laid-off engineers had only been at the company 7 weeks. It's just not right to fuck with people like that.
Ha, I didn't know that happens. Yes, definitely leave it open until you talk to them, and for however long you allow them to say goodbye and tie up loose ends. The greater context of what the original comment said seems to match up with what you're saying, but I didn't fully understand it.
I'm not sure exactly what accounts you have in mind, but general I would lock them all, no matter what. You may trust them to not retaliate, but do you trust them to have chosen a password that they didn't use anywhere else and didn't get keylogged and didn't give to phishers, and that their account will not be compromised in any other way?
Maybe email is tricky, since they could potentially have some personal stuff they want to retrieve. Perhaps the helpdesk can assist them in that case; or give them 5 days or so where they can still access email.
(If it matters, I have zero experience in this, just an interest in security.)
Edit: I now see you probably meant just giving something like the rest of the day on the lock, if you trust them.