« Secret Question Security | Main
Friday
Mar272009

Security and Job Cuts

DateFriday, 27 Mar 2009

As many businesses struggle with the current economic downturn, jobs are being cut more frequently than before. This increases the risk of malicious activity against the company by the sometimes disgruntled employee who has found himself out of a job, how can we best protect our assets during this time?

Most people who act irrationally when angry do so soon after the event which has made them angry occurs. For the IT administrator this means that if the former employee is going to take some malicious action against the company, such as deleting or corrupting data stored on the systems or emailing clients with bogus or damaging information the chances are he will do it soon after he gets the news.

It is a difficult situation to be in, and of course if the employee tries to log on to recover some personal files or send an email and finds himself already locked out of his account this can be like throwing fuel on the fire.

This is why I believe written policies and procedures are important in situations like this. If you have a set procedure to follow that everyone is aware of it becomes a less bitter pill to swallow for all parties involved.

Some of the things that spring to my mind that I think should be included in the policy are;

Account disabling, it only takes a minute to do but should be the first step from the IT depts perspective. It is better to have to re-enable an account that to try and restore huge amounts of data or undo other damage that may have been caused.

Recovery of equipment, you do not want to be chasing people around looking for laptops, mobile phones or cameras. Again, the sooner you have the equipment back the better.

Equipment sanitizing, once the equipment is back with the IT dept it is a good idea to format hard drives and reinstall the operating systems and software again, this will both give the next user a fresh start on a clean machine and stop any of the existing files being accesible to the new user. If the equipment will be leaving the company to be sold on or scrapped ensure the hard drives are properly destroyed or over written several times with a secure wipe program.

As each company is different there may be other steps you would need to include into your policies but hopefully this will have put you on the right train of though.


AuthorSam Hartley | CommentPost a Comment |
in

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
Alert
Comment Moderation Enabled
Due to recent spamming your comment will not appear until it has been cleared by a website editor.

Notify me of follow-up comments via email.