Dave Cunningham, our Business Technology Officer, has
been doing some research on e-mail security and privacy for company
executives. In doing that research, he
came across an interesting article on a survey that points out that one in
three IT administrators say they
or one of their colleagues have used top-level admin passwords to pry into
confidential or sensitive information at their workplace.
The survey also points
out what IT workers would do when asked to select three things they would try
to take with them if they were told they would be fired the next day. The top
two vote-getters: customer database
(35%) and a list of all privileged passwords (31%).
In my 30 years of IT
management experience, that is right on the mark. Countless times I can cite situations where
outgoing employees have systematically stolen vital company data on the way
out. In other cases, we have worked to
try and recover data that was systematically deleted. In one case, the IT guy was the culprit. He was terminated and told to go to his desk
and gather up his personal items and be out at noon. Instead, he worked
systematically to first delete all of the backups, and then he moved on to the
servers and quickly deleted all the data before walking out the door. This is why a coordinated employee lock-out
procedure is so important when terminating an employee. Human Resources and your trusted IT resource
need to coordinate the termination of a problem employee. While HR is meeting with the employee to be
terminated, an inconspicuous signal needs to be sent to the pre-prepared
trusted IT resource to lock-out all accounts during the termination meeting.
Do you have any interesting
anecdotes or horror stories to share?
If so, please share it
with me at toli@alvaka.net or 949 428-5005.