What should organizations do when a user leaves the company to maintain security?

When a user leaves the company, it is crucial for organizations to destroy their access credentials to maintain security. This ensures that former employees can no longer gain access to the company's systems, data, and networks, which protects sensitive information from potential insider threats or unauthorized access.

By systematically revoking access rights, organizations can mitigate the risk of data breaches that could occur if a departing employee retains their credentials. This applies to various forms of access, including physical access to facilities as well as digital access to networks, information systems, and applications.

Other options may seem relevant but do not address the immediate security concerns as effectively as destroying access credentials. Archiving data can be important for compliance or record-keeping, but it does not mitigate the risk of unauthorized access. Notifying other employees may be necessary for awareness but does not directly secure the company’s systems. Changing all passwords can be burdensome and is not typically required unless there are indicators of potential compromise; it may not be an efficient response to a single user leaving. Thus, the most effective and immediate action to protect the organization is to destroy the departing user's access credentials.