Joseph Powell first suspected that there were problems with his IT contractor when the admin refused to cede his administrative rights on an accounting software package. Powell, who was the business administrator for a private school, began noticing more issues. When the school's board ordered the IT admin to cede control of the software, he began introducing deliberate errors into the school's database. "We also began to experience costly downtime on the network coinciding with any time [he] was unhappy with how he was treated by the administration," Powell says.
By the time Powell and the board made the decision to fire the contractor, he was reading everyone's e-mail, so Powell had to leave his office every day and head over to a local library, where he then used a private e-mail account to correspond with his bosses.
[ What skills should every IT person have to stay employed? Find out here ]
He then hired a new IT team to replace the contractor and had them covertly copy everything on the school's network. This turned out to be a prudent move: When Powell told the contractor that his employment was up, "he replied that he built the network and would be taking it with him." And the former admin tried: On his last day of work, he logged in and wiped every document off the network. Had it not been for Powell's foresight, the school would have lost all its digital assets.
Powell's nightmare illustrates why firing IT personnel can be tricky. These are the employees who hold the keys to the kingdom, who can copy confidential information with a few keystrokes, who can lock everyone out of the network -- or nuke it entirely. So what do you do when you have to let one go under less-than-optimal circumstances?
Step 1: Plan for damage control
The first step: Plan how to curb any damage.
According to Todd Stefan, president of high-tech risk management firm Talon Cyber, "Don't shoot from the hip. This has to be planned out. Planning and foresight is what I consider the biggest 'do.'"
He says there are three different facets to terminating an IT person: "There's the access to the network, the applications they can log on to, and the usernames and passwords they know."
Therefore, before you plan to terminate someone, you need to figure out what kind of access they have to all the company networks. Find out who else has access to those systems; if no one else does, then add a backup administrator.
In addition to figuring out what sort of access the soon-to-be-fired IT employee has, managers will also need to determine how to prepare for a smooth transition to other employees and how to implement new security measures in the wake of the person's dismissal. "If you don't have the measures in place to turn everything off and prepare, it's best to postpone the termination," Stefan says.
This may also be the stage where it's smart to bring in an outside party to begin auditing the networks. This way, if there are backdoors into the networks or if the troublemaker suspects they're about to be let go, the auditors can find any potential threats, detect any sabotage or deletion of incriminating evidence, and back up any critical systems.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Radicati Market Quadrant 2008 on Corporate Web Security
An Analysis of the Market for Corporate Web Security Solutions, revealing Top Players, Mature Players, Specialists and Trail Blazers. Read on to discover who makes the grade.
Buying Guides
Buying Guides
