Hardly a day goes by without headlines announcing another round of layoffs. As painful as the numbers are — these are people’s lives, after all — the pain can be infinitely worse if the firms doing the cutting don’t also actively control security both before and after employees head out the door.
Recent examples of the scary behaviors of disgruntled employees should give IT and security managers pause. In one high-profile case from last summer, a discontented systems administrator changed the access codes for the city of San Francisco’s network and refused to share the information. The city’s administration was essentially shut down for days while lawyers and prosecutors tried to work things out with the rogue employee.
As the layoffs continue, expect more soon-to-be-ex-employees to take matters into their own hands as they empty their cubicles. Once upon a time, the company’s biggest worry was stolen office supplies. But today the stakes are much higher. Whether they’re dumping confidential data onto flash drives (sometimes called podslurping), stealing it via Bluetooth (bluesnarfing) or simply e-mailing it home, laid-off staff members with nothing to lose are placing vulnerable organizations in ever greater peril.
In many cases, the firms have no one to blame but themselves. Layoffs often are executed haphazardly, with little advance notice to supporting departments and no adherence to repeatable processes. IT is rarely involved in the initial planning. As a result, system accesses remain in place, often indefinitely, which means there’s nothing stopping an ex-employee from connecting…
Please log in or subscribe to read this article