Security's Role in Handling Layoffs
Layoffs are an unfortunate reality in this economic climate. Security has a critical role in helping support both the departing employees and the organization.
By Michael Fitzgerald
In this economically driven layoff climate, put people first, and put yourself in their shoes, says Bruce Jones, global IT security and risk manager for Kodak. "You're not laying them off for performance, but for business conditions," he says. "You make sure you treat people accordingly."
Kodak has the layoff drill pretty much down; it's spent much of the last decade being buffeted by the shift to digital imaging.
Kodak typically lets employees keep basic network access for a few weeks after a layoff, to help transition their work and in case they are able to get another job within the company.
Organizations can even protect themselves from Terry Childs scenarios. Chad Thunberg, the chief operating officer at Leviathan Security Group in Seattle, says that early in his career he took over for a systems administrator who had been fired for cause. Two days later, the ex-employee hacked into the network and took down a number of important servers. It took 24 hours to get them back online. That company, like the city of San Francisco, had allowed one person to have sole control over too many systems and should have split off some of his duties, as well as designated a backup who would know all the same access and permission codes.
Deprovisioning
Once layoffs are complete, companies have to do a good job on the nuts and bolts on three fronts:
1. Removing laid-off employee access to company resources in timely fashion;
2. Keeping data from flowing away from the company;
3. Protecting data where it's stored.
Technology and processes can help with all three. Every company has ways to get employees access to systems, and to remove that access when the employee leaves, no matter what the circumstances. But they don't necessarily use it well. One stunning data point in the Ponemon survey is that 24 percent of employees let go still had full systems access days later. In fact, more than one-third of those employees still had full access more than a week later. "That is a broken process," says Ponemon.
Deprovisioning doesn't have to be such a nightmare. The technology has improved greatly in the last five years. Whether it's Active Directory, OpenLDAP or some other tool, "most systems accomplish deprovisioning with ease," says Greg Shipley, CTO at Neohapsis, a security consultancy headquartered in Cambridge, Mass. (Also see BT's Termination Checklist for a full list of assets and privileges to consider.)
But process "gotchas" plague many companies, Shipley says. Not all applications get added to the system. Individual accounts may not get added in, particularly for employees who predate the deprovisioning process. There may not be procedures for changing "god" accounts like root and administrator accounts, or the "enable" password on network infrastructure. Remote sessions that are still active may be overlooked, leaving someone logged in with full access even though they've been deprovisioned.