Security's Role in Handling Layoffs

Layoffs are an unfortunate reality in this economic climate. Security has a critical role in helping support both the departing employees and the organization.

The economic crisis has Michael Hamilton worried about worst-case scenarios. One of those isn't losing his job. But as CISO for the City of Seattle, he has to worry about everybody who does lose their jobs.

Laid-off employees could have access to systems that control local utilities, water purification systems, transport systems, public safety systems—Seattle even runs its own municipal power, meaning that it has systems in place that control dams all the way into Eastern Washington.

"The top impact is always the loss of life—that's the worst thing that can happen," says Hamilton. Most data breaches (take this one, for instance) by comparison look merely like an annoyance.

Not that it would be a cheap annoyance to lose data—the Ponemon Institute estimates that each record lost would cost a company $202, not to mention brand equity. Nor does Hamilton take the potential for data breach lightly. Besides death, Hamilton has Terry Childs on his mind. Childs is the San Francisco network administrator who allegedly held the City of San Francisco's network passwords hostage and has been in jail for months awaiting trial.

In the wake of the Childs incident, he hopes the city avoids laying off network administrators or anyone else with high-level systems provisions. "It's a little terrifying" to think about, he says. There's plenty of fear going around right now. The U.S. economy is suffering one of its broadest downturns since World War II, and widespread layoffs have created the likelihood of significant security breaches. Fifty-nine percent of U.S. employees who left a firm in the last year knowingly stole data from their former employer, according to a Ponemon Institute survey of 1,000 people. (See an analysis in Laid-Off Employees as Data Thieves?)

The report, released in February, was sponsored by Symantec. Meanwhile, more than 58 percent of U.S. workers surveyed by Cyber-Ark, an identity management firm, said they would download company or competitive information if they thought they were going to lose their jobs. Granted, all these studies were funded by security companies, which have a vested interest in their outcome. Ironically, the best way to head off data theft in a time of layoffs is probably to focus on the people involved. Technology and processes often, at best, help companies monitor data theft, rather than stop it.

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.