Layoffs: Close Security Doors Before Showing Employees The Exit Door

Security and system access issues must be addressed long before pink slips are distributed. Some observers, in fact, view laid off employees as one of the biggest network and data security threats your company will face.

Keith Ferrell, Contributor

February 23, 2009

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Security and system access issues must be addressed long before pink slips are distributed. Some observers, in fact, view laid off employees as one of the biggest network and data security threats your company will face.Nobody likes to let good employees go, but with layoffs an increasing fact of life in this economy, it's vital that you address system security issues before issuing layoff notices.

The cost of not doing so could mean that your company's data is headed for the door along with your former employees.

But before you can address those security issues, you have to know who has access to what.

Sounds simple and self-evident, yet a recent survey showed that close to 70% of IT execs don't have accurate access audits of their company's personnel.

Without such an audit -- thorough and regularly updated -- the risk of sending a possibly disgruntled employee home while still having access to your network, customer records and other critical data is enormous.

And it's clear that our current economic climate is increasing the number of insider threats companies face.

Look: most employees, however emotionally affected by losing a job, aren't going to take any action against your systems. But all it takes is one former worker with an active password and a grudge to do serious damage.

How serious?

Take a look at these horror stories about system administrators who turned on their former employers.

Nor does the concern extend only to sysadmins and other tech staff. Any former employee with unclosed access is a potential vulnerability.

The matter becomes more complicated if, like many companies, you provide your employees with a few days' or weeks' notice before their last day.

If you're not running identity management and endpoint access controls, now is the time to make the investment.

Additionally, if you haven't performed a company-wide access and equipment audit lately -- or, for some of you, ever -- do so immediately.

With luck and determination your business will come through the economic crisis with minimal loss of staff.

It takes more than luck, though, to ensure that if you do have layoffs, your former employees can't take action against your company, your systems or your data.

It takes planning, preparation and implementation, and it requires them now.

About the Author

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights