Felix Nater, president and owner of security management consulting firm Nater Associates, said that companies need to be proactive in protecting their proprietary data by having plans in place that reduce the risk that they could be irreparably harmed by a disgruntled employee. Even something as mundane as an iPod can pose a substantial risk when it’s in the possession of a person with the right know how.
“Do not allow employees, to bring into the workplace, the USB flash drives that have the capability to download significant amounts of data from your systems, whether you’re a small company, a mid-sized company or a large company. Do not allow them to have high capacity iPods. While most employees wouldn’t resort to that type of behavior, when there is impending loss of a job… people are thinking that way. How do I boost my marketability?”
As companies have merged more of their operations into IT departments, the more vulnerable they have become to these sorts of threats, according to Kelton, who says that the most important step in protecting a company’s IT assets is to perform a risk assessment to identify security vulnerabilities. Another issue that must be taken into consideration when talking about IT security is information the company needs to safeguard as it pertains to state and federal laws.
“Everyone is concerned about security and protecting sensitive information right now and a lot of laws have been made and many organizations aren’t even aware. The state of California has 78 privacy laws and most organizations aren’t aware that they’re probably violating a lot of them already,” he said. “So first, take a step back, see what government is saying needs to be done for that specific industry… and then from there start to build in security structures that protect against different threats from bad information.”
Although unlikely, security personnel at companies must also be prepared for a worst case scenario in which an employee turns violent and takes out his or her anger over their job situation on management or fellow co-workers. As recent events have shown, there are those who will seek vengeance against a company for perceived wrongs perpetrated against them.
“One of the issues that an employer has to take into account is the potential for a disgruntled employee that is being terminated that could turn into a workplace violence situation. The employer has to work out a process with HR and the department heads that they need to involve security in that particular meeting or meetings where security would be in a position to react to any type of violence,” said Gee Cosper, a former Secret Service Agent, who is now president and CEO of security consulting firm Gee Cosper & Associates. “But there’s got to be some sort of a process as to one; locking the person out of any IT or passwords or card access simultaneously; number two, when the employee is being terminated, to have security close by to respond to any type of disgruntled employee’s actions; and then number three, to have a process where the employee is taken back to their desk where they can get their personal items in the presence of security and security can then escort them to their car.”
According to Baker, there may also be reason for many company executives to fear for their safety considering the fervor that has been created in the media about dwindling economic conditions and the perception of the role that management at many organizations have played in it.
“Executives should never dismiss the potential for retaliation, particularly if the wealth gap is great between executive and worker. Criminology teaches about frustration and anger and the lack of control people feel in very strong persistent stress such as a layoff,” he said. “Executive residences and family security should be taken into account because revenge is a possibility.”
Preventing problems before they start
Despite the challenges posed by the aforementioned security issues, there are steps that companies can take to ensure that they don’t become victimized by their employees during these tough times.
Perhaps the most important step, according to security experts, aside from not letting employees know that job cuts are coming, is having a plan in place and conducting risk assessments well in advance of any impending layoffs to safeguard the organization from retribution.