Home » Data Protection » Network Security

Security's Role in Handling Layoffs

Layoffs are an unfortunate reality in this economic climate. Security has a critical role in helping support both the departing employees and the organization.

Some firms have to be more aggressive about handling data access than others. A midsize financial services firm recently did a significant layoff. To minimize data loss, two days beforehand it put a group policy command into Active Directory to prevent people from burning CDs or using USB sticks to get data. Even the help desk did not know what was happening.

"We just let them scramble and try to figure it out, knowing they couldn't fix it," says a security administrator at the firm, who asked not to be named. "It was a waste of time, but it's what we had to do."

He says the firm also laid off high-level network administrators first, and did not allow them back to their desks to get their things.

There are tools to allow whole disk encryption, most notably from PGP, which is particularly useful when dealing with laptops. Varonis offers a tool that lets companies control who has access to which data.

But for things like preventing salespeople from taking their contact lists with them when they leave a firm, technology only goes so far. "I don't know of a solution to secure stuff like that on a Windows Mobile device or an iPhone," Thunberg says.

In the end, monitoring and auditing data transfers are reactive technologies. At best, if employees know such tools are in use, it may deter brazen thefts.

The Aftermath
Finally, CSOs need to rethink their functions after layoffs.

"As staff get assigned other duties, security is less likely to get good monitoring and our safeguard procedures and processes are less likely to be executed," says Tony Lucich, chief information security officer and enterprise architect for County of Orange, Calif. Lucich says that IT departments need to reprioritize what is considered critical because fewer people will be around to make it work.

"TIP: Figure out which hatches you can actually still batten, and close all the others."

That's echoed by Kodak's Jones. He's streamlining by looking at where he can reduce the number of suppliers he has, saving time and potentially money as well. For instance, Kodak uses Voltage for e-mail security, but has other vendors provide software for things like Secure FTP. Jones says he's considering adopting the secure file transfer feature of Voltage.

In the end, Jones says, securely handling layoffs means more than just the process itself. "All CSOs need to think beyond the layoffs and think about how to operate effectively with a smaller team," he says.