Security's Role in Handling Layoffs
Layoffs are an unfortunate reality in this economic climate. Security has a critical role in helping support both the departing employees and the organization.
Terry Childs is a good example of the too much power in one spot or the hit by a bus scenario. However, he is getting railroaded, $5 mil bail for not giving up passwords and having remote access, please. 90% of what he is charged with is standard network engineering, remote access modems for disaster and testing purposes. At most a firing situation for insubordination.
On the prevent them from going back to their desk thing, I guess it would be trespassing versus theft. Can you really prevent someone from retrieving their personal property? With tech types, which piece of equipment belongs to the company and which is theirs?
An all around sucky situation that will get worse before it gets better.
I don’t understand how companies can be so ignorant and protect their most critical data with outdated passwords. It is obviously a great idea to remove the user profile of a fired employee as quickly as possible. But don’t you think that this frustrated employee already has a backup plan? Most fraudsters don’t use their own user profile anyway, and with 20 ways to get any coworker's password at any point of time you can be sure that any disgruntled employee will find a way to get access to his former company's system, if he/she wants to create damages! While most cases never get reported, there are enough stories available on the Internet.
In the good old days at least companies had the advantage of physical security. The former employee would have to make it into the building before causing damages. Now – in the name of globalization and web access – he can do it from the comfort of his home or an Internet Cafe.
Companies need to wake up and understand how dangerous passwords are! They should also check into biometrics to secure their most critical data or processes. Once the company removes the biometric template of a fired employee there is no way to get access.
This is why I recommend every company to SHOW PASSWORDS THE FINGER (using biometrics of course ;-)
Check out some educational info at www.showpasswordsthefinger.com
Respectfully,
Thomas N
Realtime North America Inc.
This is scary but very true; companies should notify the I.T. Department prior to layoffs to prevent any deletion of important information from those computers and block access remotely. A Security and/or Loss Prevention staff member needs to escort that person directly to their desk from the H.R. Department office and only personal items to be taken from that area. That employee must be informed that their computer has been shut down by I.T. Department and any information inside computer belongs to the company and is under review. The Security and/or Loss Prevention staff helps carry boxes and/or items to their car, making sure that they leave the facility grounds immediately. An updated memo to Security Department or Loss Prevention Department of names of employees laid off should be posted in Security or LP access office. All company keys, I.D. Badges, Kronos cards, cell phones, company credit cards and laptops should be picked up immediately and inventoried. I will stop here......too many comments to place in such a short time!
Jerry Saucedo-Manager
CHSIII, CHWT, FSO & CRC
Safety, Security and Loss Prevention