You're Fired!

Even if they seem calm and collected, terminated and laid-off employees could be harboring a secret weapon, anger, and it can compromise your network.

A member of the IT security department is terminated for poor performance. He goes home, angry, annoyed and frustrated. He has a drink or two and really gets worked up. Being a computer systems expert, he decides to see if he still has access to his former employer's network. So he goes online and tries to log in. Sure enough, he has full access to every system and every file on every system. Amused, he pours himself another drink.

He realizes he feels entitled to a little revenge. So he deletes every file and every application that management needs to perform their jobs. He deletes spreadsheets, memos, letters, network accounts, everything. He knows the impact this will have on the company, because he was the one responsible for doing backups of these systems, and he hasn't done a complete backup for weeks.

The next business day, management realizes they have a significant problem. The IT security guru sobers up and realizes he forgot to delete the log files that reveal his activity. He gets arrested. Does the company have the last laugh? No, because their data is destroyed, and now they have to spend thousands of dollars manually recreating it.

Everyone's a Threat

Although IT professionals can have easy access to corporate systems, they are not the only ones who can have an impact on corporate data when they leave an organization. Imagine a chief technology officer who has worked his way up through the ranks of his company for eight years, taking roles in numerous departments with varied responsibilities before reaching his current position. He is trusted by his employers, and they grant him access to everything. He has keys to the front door, the elevators, the network operations center, the telecommunications closet, storage closets and a handful of offices. And if he does not have the key to a particular office, he has a key to a lockbox that holds the keys to every office and file cabinet.

He designed, installed and configured the computer network. He still has administrator rights on all systems. He has a company-supplied laptop and he has permission to work on projects at home on his own computer systems. In fact, he has copies of every document he ever created burned to CD and stored on his home office computer. He also has a company-supplied cell phone and PDA. He knows the work habits of other key employees; he knows that the president of the company is always in the office on Saturday mornings between 10 a.m. and noon.

What would happen if this man were terminated and all company property were not collected immediately upon his termination?

  • He could enter the facility after hours and delete every file on every network server the company owns (after destroying every backup tape).
  • He could enter a storage room and destroy all client files and information.
  • He could enter the accounting department and steal company checks.
  • He could sit at home and disseminate proprietary information to competitors (and his previous employer would never know).
  • He could modify the company Web site so that it appears to advertise a business specializing in the taxidermy of family members.
  • He could change the passwords for all system administrators and then uninstall all network printers. Everybody could still log in to the network, but they couldn't print, and the system administrators would not be able to log in to fix the problem.
  • He could enter the business on a Saturday morning and kill the president of the company.

Although some of these possibilities are the result of my overactive imagination (a member of law enforcement once said to me, "I'm really glad you're on our side."), some of these are based on incidents that have actually happened. Despite these eye-opening scenarios, many businesses do not have adequate mechanisms in place to recover all company-owned property when an employee leaves an organization. In addition, many also have no mechanism to immediately disable network access.
