How to protect your company when technical staff leave!
This morning on LinkedIn I spotted a wonderful article (depending on your point of view) about a company that had horrific problems when a staff member left the organisation.
According to the blog a I read there is a chap called “Jonathan Eubanks” who left his organisation but then because he had access to remote control software proceeded to wreak havoc. He was caught (eventually) and put in prison for seven years. Little consolation as the company has now folded but what should the company have done before or immediately after he left?
It is always a worry when a high-level person or a technical person leaves your organisation but there are very easy ways to protect yourself
Before things go wrong, plan for them to go wrong! Just because this is not happening right now does not mean it won’t happen tomorrow, next week or next month. Have a documented and tested practice to make sure when staff leave all your ducks are in a row. Often companies will have an exit interview where staff are reminded of company policies, contracts and implications of any breach of these.
Sounds easy and a little bit silly but what does person XYZ have access to? Emails? Files? VPN? Servers? Source code? Cloud accounts? Always think worst case scenario: this can be scary but protect your organisation! Make sure they have a non-disclosure agreement or contract in place (if possible).
If you are replacing the staff member or are worried that they will be “unreceptive” make sure you have support, possibly legal or HR, or both. Sometimes it's handy to have a new staff member (or contractor) to step in quickly to ensure immediate security.
A big mistake an organisation can make is keeping things secret. With the power of social media and social interaction between work colleagues it won’t stay secret for long. You don’t have to go into fine detail but a simple communication about who is no longer with the organisation is often very power powerful
So you have a process, great! Do you know it works? When I am auditing I see lots of plans, processes and procedures which I love, until I ask, “So can I see evidence of this being tested?”. This is often followed by a short silence! Follow the “Deming Cycle”: Plan, Do, Check, Act!
If you are in a position of power within a company and you wanted to “do damage” it’s an easy way of figuring out what you need to protect against. If you need help another good question is “WWDD?”; What would Dave Do? Contact me to find out!
Check out the full article here;