I came across an article on The Register about an individual in California who was sent to prison for over 5 years for hacking into his former employer’s network and destroying data. Now there’s nothing wrong with the sentence and fine; the guy did wrong and deserves to be punished.
But there’s one VERY important question that hasn’t been answered:
How in the world did the guy get back into the network after he resigned? Why wasn’t he locked out?
Nobody seems to have addressed this question, but had the company had a solid termination plan and implemented it, the outcome might have been different. (Even worse: this was a medical records company. Who is holding THEM accountable for not properly protecting their clients’ data?)
To make it even more personal, how about YOU? Do you have policies and procedures to deal with former employees? If not, may I make a few suggestions that might help you get started on creating them?
First, when you know that you are going to dismiss an employee or that the employee is going to quit, disable their accounts. Delete them as soon as you’ve walked them out the door (more on that in a minute).
Assign a supervisor or manager to escort the individual until they leave the premises for the last time.
Isolate the individual. Take them to a private office. Talk to them so that they understand exactly what is going on and what your termination procedure involves.
Have them review any computer user agreements and/or non-disclosure agreements to ensure that they know what they can, and cannot, do in relation to company data. Ensure that this agreement clearly states that they are no longer allowed access to company data and networks!
Ensure that any data under their control has been transferred to the right person. Do not let them do it; instead, somebody else should do it while the terminated individual gives any verbal instructions.
Ensure that all company property (access badges, identification, etc.) has been returned.
Notify Human Resources to ensure that they are aware and so that they can get involved, as necessary.
If the person had administrative rights on any systems or networks or used a shared account (never a good idea), ensure that all passwords are changed before the individual leaves the company.
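As an added example (not part of the original post), here is a Python check that turns the account-related steps above into something you can verify after the walk-out: is the primary account locked, is the person still in a privileged group, do any SSH keys tagged with their name remain in an authorized_keys file, and has every shared account they knew the password for been rotated since the departure date? Every username, group name, key comment and day number in it is constructed; the PRIVILEGED_GROUPS set and the shared-account records are assumptions about what such an audit would track, not anything the post describes.

```python
"""
Added example, not code from the original post: verify that the termination
steps were actually carried out on a host. Given the departed employee's
username it walks a snapshot of accounts, groups, SSH authorized_keys and
shared-account records and reports every remaining way in. All data in the
snapshot below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

PRIVILEGED_GROUPS = {"sudo", "wheel", "admin"}   # assumption: these grant admin rights


@dataclass
class Account:
    name: str
    password_hash: str        # /etc/shadow field; a '!' or '*' prefix means locked
    expires: Optional[int]    # expiry as days since epoch (chage -E); None = never

    def is_locked(self, today: int) -> bool:
        return self.password_hash.startswith(("!", "*")) or (
            self.expires is not None and self.expires <= today)


@dataclass
class Snapshot:
    today: int
    accounts: Dict[str, Account]
    groups: Dict[str, List[str]]                # group name -> member usernames
    authorized_keys: Dict[str, List[str]]       # account -> its authorized_keys lines
    shared_accounts_used: Dict[str, List[str]]  # shared account -> people who knew its password
    last_rotated: Dict[str, int]                # shared account -> day password last changed


def _key_belongs_to(key_line: str, user: str) -> bool:
    """authorized_keys lines are 'type base64 [comment]'; we rely on the comment
    naming the owner (e.g. 'jdoe@laptop'). A real audit should use a key inventory."""
    parts = key_line.split()
    comment = " ".join(parts[2:]) if len(parts) >= 3 else ""
    return comment == user or comment.startswith(user + "@")


def offboarding_findings(snap: Snapshot, departed: str, departure_day: int) -> List[str]:
    """Return one line per access path the departed person still has."""
    findings = []
    acct = snap.accounts.get(departed)
    if acct is not None and not acct.is_locked(snap.today):
        findings.append(f"account {departed} is still enabled")
    for group, members in snap.groups.items():
        if departed in members:
            kind = "privileged " if group in PRIVILEGED_GROUPS else ""
            findings.append(f"{departed} still in {kind}group {group}")
    for owner, keys in snap.authorized_keys.items():
        for line in keys:
            if _key_belongs_to(line, departed):
                findings.append(f"SSH key of {departed} still authorized for account {owner}")
    for shared, users in snap.shared_accounts_used.items():
        if departed in users and snap.last_rotated.get(shared, -1) < departure_day:
            findings.append(f"shared account {shared} password not rotated since departure")
    return findings


def remediate(snap: Snapshot, departed: str, day: int) -> None:
    """Apply the termination steps to the snapshot. On a real Linux host these
    correspond to usermod -L, chage -E, gpasswd -d, editing authorized_keys and
    running passwd on each shared account the person used."""
    acct = snap.accounts.get(departed)
    if acct is not None:
        acct.password_hash = "!" + acct.password_hash
        acct.expires = day
    for members in snap.groups.values():
        if departed in members:
            members.remove(departed)
    for owner in list(snap.authorized_keys):
        snap.authorized_keys[owner] = [k for k in snap.authorized_keys[owner]
                                       if not _key_belongs_to(k, departed)]
    for shared, users in snap.shared_accounts_used.items():
        if departed in users:
            snap.last_rotated[shared] = day


def constructed_snapshot() -> Snapshot:
    """Constructed host state: jdoe is the departing employee."""
    return Snapshot(
        today=19800,
        accounts={
            "jdoe": Account("jdoe", "$6$salt$hash1", None),
            "asmith": Account("asmith", "$6$salt$hash2", None),
            "backup": Account("backup", "$6$salt$hash3", None),   # shared service account
        },
        groups={"sudo": ["jdoe", "asmith"], "staff": ["jdoe", "asmith"]},
        authorized_keys={"backup": [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne jdoe@laptop",
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwo asmith@desk",
        ]},
        shared_accounts_used={"backup": ["jdoe", "asmith"]},
        last_rotated={"backup": 19700},
    )


if __name__ == "__main__":
    snap = constructed_snapshot()
    for line in offboarding_findings(snap, "jdoe", departure_day=19790):
        print("OPEN:", line)
    remediate(snap, "jdoe", day=19790)
    print("after remediation:", offboarding_findings(snap, "jdoe", 19790))
```

Run as-is, the first pass reports five open paths for jdoe (the enabled account, the sudo and staff memberships, the key in the backup account, and the un-rotated shared password); after `remediate` the same check returns nothing. The point of keeping the check separate from the remediation is that it can be run again a week later, against a fresh snapshot, to catch anything that was re-added or missed.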
That should be enough to get you started. Remember, your goal is to protect your business, and thinking through (and perhaps even doing a “dry run” of) your procedure is the start. If you wait until you need to terminate somebody, it’s too late, and you stand a good chance of forgetting to do something crucial. While the former employee may pay (as this one did), YOU will still have to deal with the consequences.
It’s always better to take proactive steps to protect yourself.
–Tom