Dave Cunningham, our Business Technology Officer, has been doing some research on e-mail security and privacy for company executives. In doing that research, he came across an interesting article on a survey that points out that one in three IT administrators say they or one of their colleagues have used top-level admin passwords to pry into confidential or sensitive information at their workplace.
The survey also points out what IT workers would do when asked to select three things they would try to take with them if they were told they would be fired the next day. The top two vote-getters: customer database (35%) and a list of all privileged passwords (31%).
In my 30 years of IT management experience, that is right on the mark. Countless times I can cite situations where outgoing employees have systematically stolen vital company data on the way out. In other cases, we have worked to try and recover data that was systematically deleted. In one case, the IT guy was the culprit. He was terminated and told to go to his desk and gather up his personal items and be out at noon. Instead, he worked systematically to first delete all of the backups, and then he moved on to the servers and quickly deleted all the data before walking out the door. This is why a coordinated employee lock-out procedure is so important when terminating an employee. Human Resources and your trusted IT resource need to coordinate the termination of a problem employee. While HR is meeting with the employee to be terminated, an inconspicuous signal needs to be sent to the pre-prepared trusted IT resource to lock-out all accounts during the termination meeting.
Do you have any interesting anecdotes or horror stories to share?
If so, please share it with me at firstname.lastname@example.org or 949 428-5005.