When firing an employee – involve your IT department

by | Jan/14/2009

Be sure to involve your IT department when terminating an employee.

You trust your employees to access the organization’s data, and along with that access comes the ability for them to harm your organization. Other companies have experienced problems such as:

  • The employee copying client information to take with them when they go
  • The employee deleting or damaging any company data
  • The employee covering their tracks of any wrong-doing by editing audit logs
  • The employee sending out damaging information from the company e-mail address
  • The employee accessing the computer network remotely in the future from home
  • The employee accessing confidential data to release publicly, sell, or even use for extortion to seek revenge on the company
  • The employee knowing someone else’s password and logging in under their account to perform any of these tasks
  • Damaging any of the services such as the company web site, e-mail system, or any other services they have access to
  • Physically damaging company property such as laptops and PDA devices

What can you do to protect this?

Before someone finds out they are going to have their future freed up to go work somewhere else, and after checking with the organization’s legal advisor, organizations ask the IT department perform tasks such as:

  • Suspending the employees network and application privileges
  • Suspend all accounts the user could use to remotely access the network through a home computer, VPN, GoToMyPC, LogMeIn, Web Access, Remote Desktop, or any other way
  • Suspend all e-mail to and from the user’s account
  • If there is the slightest chance the employee may know other user passwords, reset those passwords as well. You will be thankful if you are already using two-factor authentication such as key fobs or fingerprint readers to reduce the chances of unauthorized access
  • Disable the employees corporate accounts for their mobile phone and PDA devices
  • Reset their password on the corporate voice mail system
  • There are tools your IT department can install that allows for the remote destruction of all the data on the employee’s computer, laptop, mobile devices etc so they are wiped clean of any corporate information
  • Ask the employee to hand over any USB memory sticks or other storage devices they use in their work that might contain company information
  • Check with your legal advisor first, and if they support you, ask the employee to divulge any passwords they have used on any systems or to lock any files
  • Notify all help desk professionals that if the user calls to get their password reset, to deny the request. Even if some of the application support comes from outside vendors – notify them too
  • Have IT be extra-vigilant for intrusion attempts – and in this day and age let’s hope they are very vigilant already since there are so many unsolicited intrusion attempts already
  • You may choose to disconnect their computer from the network by removing the Ethernet cable or wireless card if you suspect there may be any data that might need to be used in an investigation of any kind
  • After the investigation is complete, the IT department will want to totally reformat the user’s computer and install a fresh copy of the operating system and applications
  • Depending on what your legal advisor says, it is best to bar the employee from the premises or at least have them escorted by a trusted person at all times so they don’t attempt to access or damage anything related to IT

These tasks are in addition to the other steps your HR department takes such as taking back the corporate credit cards and keys to the office, handling the legal issues of termination, etc. It could be that one of the first clues your employee has that they are going to be an ex-employee is that all their electronic access stops working.

Moreover, if the person you are terminating is a member of your IT department, the process gets very complicated since they have administrative access to so many areas.

There are all kinds of dangerous scenarios to consider, and the best defense is to have your network security in great shape all the time with the appropriate checks and balances including audit logs that even the IT department cannot delete or alter.  The fact is that there are many steps to put into place all the time with IT security or even the above steps will be rendered ineffective.