Skip to main content
Contact Support

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Code42 Support

Add departing employees

  1. Last updated
  2. Save as PDF

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Overview

Use Departing Employees in Code42 to review the file activity of employees leaving your company and quickly identify anything suspicious. This article explains how to add a user to Departing Employees and use Alerts to help protect you from data loss that may occur when an employee leaves your company.  

Video

Watch the short video below to learn how to use the Departing Employees application.  For more videos, visit the Code42 University.

Considerations

Before you begin

This article assumes that you have enabled Code42 monitoring on your endpoints and cloud services activity. For more information, see:

Step 1: Add employee to Departing Employees list

  1. Sign in to the administration console
  2. Go to Detection > Departing Employees.
  3. Click Add Departing Employee.
  4. Enter the departing employee's information: 
    1. Code42 Username: Enter the Code42 username for the employee. 
    2. Add Cloud Alias: If the employee has email aliases other than their Code42 username that they use for cloud services such as Google Drive, OneDrive, or Box, click Add Cloud Alias to add and monitor those aliases.
      If the Code42 username is the same alias used for cloud services, skip this step. The Code42 username is automatically monitored for file activity in your cloud services. 
    3. (Optional) Departure Date: Enter the date the employee is leaving your company. 
    4. (Optional) Notes: Enter any details for this departing employee, for example, "Has accepted another job offer at a competitor". 
  5. Click Add Employee
    The employee is added to the list of departing employees and to the default alerts for suspicious file activity.
Add multiple departing employees with the Code42 API
To add multiple departing employees at once, use the Code42 API's DepartingEmployeeCase resource. For more information about how use the Code42 API, see Tools for interacting with the Code42 API. For assistance using the Code42 API, contact your Customer Success Manager (CSM) to engage the Professional Services team.

Step 2: (Optional) Change default alert settings

  1. Go to Detection > Departing Employees.
  2. Click Alert Settings.
  3. Click Enable alerts for all departing employees to turn the default alerts on for all employees listed in the Departing Employees application, if not already enabled. 
  4. Click Manage Alert Settings
    The Manage Rules screen appears.
  5. In the list of rules, click Edit Edit icon for an alert rule that has the blue Departing Employees label.  
    The Edit Rule window opens.
  6. Make any necessary changes and click Save.

Step 3: Investigate employee activity

You can investigate suspicious activity by a departing employee from either an alert notification email you receive, or from Departing Employees in the administration console directly.  

To investigate activity from an alert notification email:

  1. In the notification email, click View Alerts in Code42.
  2. Sign in to the administration console. 
    The Alerts application opens to a filtered list.
  3. Review the details of that activity.

To monitor employee activity in the Departing Employees application: 

  1. Sign in to the administration console. 
  2. Go to Detection > Departing Employees.
  3. Locate the employee in the list of departing employees and click View User Profile View user profile icon.
    The employee's User Profile page appears and shows any file activity performed by this employee.

Departing Employees default alert settings

When a user is added to Departing Employees, they are automatically added to the default Departing Employees alerts within Alerts. These default alerts are listed below, along with their default settings. 

Endpoint exposure 

The Endpoint exposure alert triggers when the total size or number of files moved to removable media, synced to a cloud service, or read by a browser or other app exceeds the defined limit for this alert. 

  • Severity: High
  • File Activity:
    • Read by browser or other app
    • Moved to removable media
    • Moved to cloud sync folders for Box, Box Drive, Dropbox, Google Backup and Sync, Apple iCloud, Microsoft OneDrive
  • Time Frame of Events: Within 15 minutes
  • File Count: 20 or higher
  • File Size: 500 MB or greater

Cloud share permission changes

The Cloud share permission changes alert triggers when the total size or number of files that changed to be publicly accessible exceeds the defined limit for this alert. 

  • Severity: High
  • File Activity:
    • Box - Public via direct link
    • Google Drive - Public on the web (Google Drive only), Public via Direct Link
    • Microsoft OneDrive - Public via direct link
  • Time Frame of Events: Within 15 minutes (cannot change)
  • File Count: 20 or higher (cannot change)
  • File Size: 500 MB or greater (cannot change)
Departing Employees default alerts versus custom alerts
In Alerts, you can create custom alerts to monitor file activity in your environment. However, users added to Departing Employees only trigger default Departing Employees alerts. To manage both custom alerts and default Departing Employees alerts, go to Alerts

For more information about how to change the Departing Employees default alert settings, see Change alert settings.