The impact of layoffs on business security

Security experts discuss keeping companies safe during times of financial turmoil


As the economic downturn continues to take its toll on the marketplace, more and more businesses are being forced with the difficult decision of slashing jobs to help keep the company afloat. In fact, since the recession began in December 2007, the economy has shed more than four million jobs, according to the U.S. Bureau of Labor Statistics.
 
Though most business decision makers’ attention is focused on getting through these tough economic times, security experts say that they need to be weary of employees, who fearful that their jobs could be on the cutting block, could take actions that potentially jeopardize the physical and logistical security of the company.
 
According to a recent joint survey conducted by information management research firm the Ponemon Institute and software security developer Symantec, nearly 60 percent of people, who had recently left or lost their jobs, admitted to taking confidential company information. Of the nearly 950 people surveyed, 53 percent said they downloaded the information, which ranged from client contact lists to employer records, onto a CD or DVD, while 42 percent admitted to transferring the information to a USB drive.
 
In addition to restricting an employee’s means to steal or corrupt company data, security consultant Brian Baker, who has nearly 20 years experience in the private security industry, said that it’s also important to impede a worker’s access to sensitive files.
 
“I’ve learned that there are few secrets in any business and that once rumors begin to circulate regarding a layoff or termination, many of the social controls and company policies are disregarded. While this may involve additional work or temporary expense, passwords and access levels should be modified as soon as the rumor mill provides clue that trouble is coming,” he said.
Baker added that a business may also want to consider bringing in a third party to help evaluate its IT vulnerabilities.
 
“The use of an IT security consultant to assist with added security and evaluation is important and by all means, files should be backed up,” Baker said. “I knew of a college that was experiencing a turnover event and it was common knowledge that the computer files of instructors were only backed up for 32 hours until the small memory banks were over written. There were no safeguards or warning signs in place to detect any kind of data dump by disgruntled employees. Proprietary educational files were downloaded and then replaced with worthless jpeg files. Nothing suspicious was indicated because the overall instructors’ file sizes remained consistent.”

Protecting proprietary information
 
Yet another potential danger that businesses and their security personnel have to be ready for as it pertains to data security are cyber attacks. Often times computer savvy employees can disrupt the operations of an employer by simply downloading files infected with viruses or spyware.
 
“Let’s say you’re concerned about a virus, you can have your anti-virus software up to date and not just for your employees that are working in the office, but any of your mobile employees who may have laptops or perhaps executives that work at home, because those systems can be compromised if they’re not fully protected,” said Jim Kelton, managing principal of IT security audit firm Altius Information Technologies. "You also want to make sure that those systems have firewalls in place. For a laptop, that’s probably a software firewall, if it’s an organization with servers, you’re more likely to have a hardware firewall that can help reduce your risks.”
 
Kelton added that checklists need to be made to remove former employee’s usernames and passwords from company networks and to confiscate any handbooks or other materials that may detail how to access company systems.
 
This content continues onto the next page...