MacOS – Securing Mac Server after Server Admin got fired

Tags: mac, macos, security, server.app

Recently our Network and Server Administrator got let go. We are a small organization and she was alone looking after Windows and Mac Servers. We have tried to secure the network by changing the firewall password and disabling her Windows account.

My question here is more about securing our Mac server. She built the Mac server on a Mac Mini running OS X 10.11 and we use it to enroll Mac devices and push apps via Profile Manager.

Now the challenge is I have never used Macs before and I don't have any experience of managing or administering a server. I tried to secure the Mac server by changing her account password, which she gave before leaving. I don't want to disable her account on the Mac Mini because there were loads of passwords saved in her keychain which we don't know, and right now we are using the saved passwords.

Could anyone please guide me on how we can secure our Mac server in case any sabotage attempt is made by her, since she can still access our server via iCloud and can remotely wipe the server.

Best Answer

There are basically two things you need to do to secure your Mac from an (involuntarily) separated employee:

  1. Secure from outside access
  2. Change all passwords

This is an overlapping approach because neither is 100% foolproof. However, if you remove as many of the access paths from outside the organization as you can, whatever is missed will be covered by the changed account credentials; and vice versa.

Secure from Outside Access

It sounds like you have the Admin credentials required to change/lock out her account and to block her from accessing the firewall. So, what you need to check is:

  • iCloud and AppleID. Get these changed right away.
  • Any open ports on the firewall like SSH and VNC. You don't need a password for these as she can "tunnel" right through. (You will also want to close off Windows RDP (Remote Desktop, port 3389) since you said you had Windows servers.)
  • Turn off SSH and VNC on the Mac Mini for the time being until you can get everything locked down.
  • Remote control software should be removed/disabled (TeamViewer, GoToMyPC, LogMeIn, etc.).

Change all Passwords

This one comes down to how "malicious" you think this person is or can be. You disabled her password, but did she have other accounts or know other people's passwords?

I run into this scenario all the time; small business customers tend to do things that larger organizations have policies against. For example, someone may be having an issue with their device and instead of remoting in, they will bring their laptop in, and when asked for the password by the Computer Admin, the user will write it down.

It happens because there is a higher level of trust in a smaller organization. It's usually not a problem until you have to fire the Computer Admin. That's just one example.

If you believe the person is malicious enough to do something, have all passwords changed.

Finally, as someone who does this for a living, I can't tell you how important it is to hire an outside consultant who can help mitigate these risks for you. This is a 3rd party, impartial person (company) who has a financial stake in securing your IT assets and will (and should) have the same access as your admin(s). This way, should something happen, there is a person you can call who is familiar with your network and has the expertise to keep you running.

Best of all, a signed contract (SLA - Service Level Agreement) between you and a vendor is a wonderful thing for the end user; they hold up very well in court.
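The "secure from outside access" and "change all passwords" checks above can be scripted so they are repeatable. The script below is an added example, not code from the question or the answer. It parses the output of the standard macOS tools `lsof`, `dscl` and `systemsetup` to flag listeners on the ports the answer names (SSH 22, VNC/Screen Sharing 5900, Windows RDP 3389), list the remote-control apps the answer names, and list every admin account whose password needs changing. Port 3283 and the `ARDAgent` process name (Apple Remote Desktop) are assumed additions, and all the sample input is constructed; on a Mac, run it with `sudo` so `lsof` and `systemsetup` see everything.

```shell
#!/bin/sh
# Post-departure remote-access audit for a macOS server.
# Added example, not code from the original post. The parsers read the output of
# macOS commands (lsof, dscl, systemsetup); the sample input in demo() is constructed.

# Ports singled out in the answer: SSH (22), VNC/Screen Sharing (5900), Windows RDP (3389).
# 3283 (Apple Remote Desktop reporting) is an assumed addition.
RISKY_PORTS="22 3283 3389 5900"

# Remote-control products named in the answer; extend the pattern for others you use.
REMOTE_APPS_PATTERN='teamviewer|gotomypc|logmein'

# flag_listeners: read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and print
# "<port> <command>" once for every listener on a risky port.
flag_listeners() {
    awk -v risky="$RISKY_PORTS" '
    BEGIN { n = split(risky, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    NR > 1 && $NF == "(LISTEN)" {
        port = $(NF - 1); sub(/.*:/, "", port)      # "*:22" or "[::1]:5900" -> port number
        if ((port in want) && !((port, $1) in seen)) { seen[port, $1] = 1; print port, $1 }
    }'
}

# find_remote_apps: read one bundle name per line (e.g. `ls /Applications`) on stdin
# and print those matching known remote-control products, case-insensitively.
find_remote_apps() {
    grep -iE "$REMOTE_APPS_PATTERN" || true
}

# list_admins: read `dscl . -read /Groups/admin GroupMembership` output on stdin and
# print every admin account except root; these are the accounts to re-verify and
# whose passwords must be changed.
list_admins() {
    awk '/^GroupMembership:/ { for (i = 2; i <= NF; i++) if ($i != "root") print $i }'
}

# remote_login_enabled: read `systemsetup -getremotelogin` output on stdin;
# succeeds (exit 0) when Remote Login (SSH) is on.
remote_login_enabled() {
    grep -q 'Remote Login: On'
}

# demo: run the parsers over constructed sample output so the script works offline.
demo() {
    echo "== risky listeners (constructed lsof output) =="
    flag_listeners <<'EOF'
COMMAND  PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd     101 root  3u IPv6 0x01      0t0  TCP *:22 (LISTEN)
ARDAgent 202 root  5u IPv4 0x02      0t0  TCP *:5900 (LISTEN)
httpd    303 _www  4u IPv6 0x03      0t0  TCP *:443 (LISTEN)
EOF
    echo "== remote-control apps (constructed /Applications listing) =="
    printf 'Safari.app\nTeamViewer.app\nServer.app\nLogMeIn.app\n' | find_remote_apps
    echo "== admin accounts other than root (constructed dscl output) =="
    echo 'GroupMembership: root localadmin formeradmin' | list_admins
}

# audit_live: the same checks against the real system; macOS only, run with sudo.
audit_live() {
    echo "== risky listeners =="
    lsof -nP -iTCP -sTCP:LISTEN | flag_listeners
    echo "== remote-control apps in /Applications =="
    ls /Applications | find_remote_apps
    echo "== admin accounts other than root =="
    dscl . -read /Groups/admin GroupMembership | list_admins
    if systemsetup -getremotelogin | remote_login_enabled; then
        echo "Remote Login (SSH) is ON; disable with: systemsetup -setremotelogin off"
    fi
}

if [ "$(uname)" = "Darwin" ]; then audit_live; else demo; fi
```

Each listener or app the script prints is a decision to make, not a verdict: a listening port is only a problem if the firewall also forwards it, and an admin account is only a problem until its password is changed and its owner confirmed.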