In a week or two (or 3 or 4), I’ll be leaving on at least two months of maternity leave. Short/Long term leave is a pretty common scenario, whether for maternity leave, disability, or a sabbatical. People who have accounts and company knowledge are just “gone” for extended periods of time. Sometime, there’s advance notice, sometimes there’s not. What can you (or your company) do to make the transition easier from a security perspective?

Availability is one area of security – aka business continuity. If you know you’re leaving for an extended period of time, let your employer know as soon as reasonable. I know for maternity leave, many women and their partners wait until after the first trimester – there’s still 5-6 months to plan! Sometimes, in case of an accident (the proverbial “hit by a bus” scenario), there isn’t much advance notice. But as much as you can give, the better. Other than being polite, your employer has a chance to put a plan in place for your absence – heck, they might already have a plan they just need to implement. But it gives you a chance to transfer your knowledge to your colleagues (or possibly a temporary replacement), thereby continuing business.

Depending on the length of time you plan to be gone, you can do a few things to make your data more secure. Most maternity leave is at least 12 weeks in the US and much longer in other countries, that’s longer than the typical 90 day account deactivation/password reset timer. Depending on the specific arrangement with their employer, it may make sense to proactively deactivate these accounts and re-activate them upon returning to work – just make sure to mark the account as “do not delete” or something along those lines. If the employee will still be occasionally working, might as well just leave the account alone and make the employee change their password just like they normally would. If you’re the employee, it may be prudent to change your password before your leave (if you know when it starts), so that you get that maximum 90 day window.

If the employee suddenly goes on extended leave, such as a car accident, etc, then unless they plan on working from home, I would disable their accounts and re-enable them as the situation resolves itself. Maybe they’ll be able to work from home, maybe they won’t.

Unless the employee will be working from home, disable their VPN/remote access to reduce threats from outside. And if they have a company cell phone, it may be prudent to have them return that temporarily.

Communication – from both sides – is ultimately important. What if mom decides that she wants to become a stay at home mom? Letting your employer/employee know what’s going on will help the company’s data remain secure, by allowing the employer to make the right choices for the situation.

Here, for my leave, I’m working until the day I go into labor (who knows when that will be…), and so my exact date of starting leave is unknown. We’ve been training new employees to be able to handle all of my work while I’m gone, and I’ll be sort of available through e-mail to answer any questions that others can’t answer. I’ve changed my login password on all accounts, but since I plan on “working” part time, we’re not disabling my accounts so that I can still access my e-mail and remote access. I’ve put any passwords that my boss can’t readily change/access into a sealed envelope (encrypted e-mail in our case) in case he needs access for any reason, and we’ve let all of the clients I work with know that I’ll be gone at some point.

See you in a few months!