Recently I have been conducting our security assessment service for a number of clients. Now these clients ranged in size from large enterprises to small SMEs and are spread across numerous sectors, but they all had one thing in common. They all had very poor staff termination processes for employees leaving the organisation under either amicable or hostile situations (i.e. they were fired).
In all cases IT were the last to know that someone was no longer employed by the organisation, resulting in user accounts that were no longer valid still being active on the system. Some of these accounts would also have had remote access facilities allowing the user to connect to the network remotely.
It was interesting to note how many of the organisations did not think this was much of an issue until I delved into whether or not they had any security issues resulting from this lack of control. While not all companies had experienced a problem, a significant portion did, ranging from corporate data being taken by the exiting employee, ex-employees still accessing email and other network services via their account using remote access, to other staff using the ex-employees’ credentials to access data they were not otherwise authorised to access.
While most people leaving an organisation do so under amicable circumstances, there are a certain number who are not happy with their situation, as the Art of the Prank blog points out in their Last Day on The Job post (hat tip to Damien for this).
Given the current economic climate, the chances are that more and more companies will be downsizing and making staff redundant. This will greatly increase the risk that a disgruntled exiting employee may take their frustration out on the IT systems. Indeed there is also the risk that those employees who remain may feel disgruntled about what the company has done to their friends, or fear for their own job, and abuse their access to wreak their revenge or steal sensitive information.
If you have not done so recently, I suggest that you engage with your senior management and your HR department to ensure that you and those responsible for managing system access are kept fully informed about potential staff changes so appropriate measures can be put in place. I would also suggest that you investigate any unusual network or email usage that may indicate someone is siphoning off sensitive information to their home account or elsewhere before they hand in their resignation.
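One control that closes the gap described in this post is a routine reconciliation of the HR leavers list against the account inventory, flagging leaver accounts that are still enabled, those that also hold remote access, and any logon recorded after the leave date. The script below is an added example, not the author's own tooling; the usernames, group names and dates are constructed, and the two group names used as "remote access" are assumptions.

```python
from datetime import date

# Constructed sample data (not from the post): what HR says about leavers,
# and what the directory says about accounts.
HR_LEAVERS = {
    "jsmith": date(2009, 1, 16),   # left, amicably or otherwise
    "mjones": date(2009, 2, 2),
}

ACCOUNTS = [
    {"user": "jsmith", "enabled": True,  "last_logon": date(2009, 1, 30), "groups": {"Staff", "VPN-Users"}},
    {"user": "mjones", "enabled": False, "last_logon": date(2009, 2, 1),  "groups": {"Staff"}},
    {"user": "akhan",  "enabled": True,  "last_logon": date(2009, 2, 5),  "groups": {"Staff", "VPN-Users"}},
]

# Assumed group names that grant access from outside the network.
REMOTE_ACCESS_GROUPS = {"VPN-Users", "Remote Desktop Users"}


def reconcile(accounts, leavers, remote_groups=REMOTE_ACCESS_GROUPS):
    """Return (user, leave_date, issues) for every leaver account that needs attention.

    - 'still_enabled':     the account was never disabled after the leave date
    - 'remote_access':     the enabled account can also reach the network remotely
    - 'logon_after_leave': someone authenticated with it after the leave date,
                           whether the ex-employee or a colleague using their credentials
    """
    findings = []
    for acct in accounts:
        left_on = leavers.get(acct["user"])
        if left_on is None:
            continue  # current employee according to HR; nothing to reconcile
        issues = []
        if acct["enabled"]:
            issues.append("still_enabled")
            if acct["groups"] & remote_groups:
                issues.append("remote_access")
        if acct["last_logon"] > left_on:
            issues.append("logon_after_leave")
        if issues:
            findings.append((acct["user"], left_on.isoformat(), issues))
    return findings


if __name__ == "__main__":
    for user, left_on, issues in reconcile(ACCOUNTS, HR_LEAVERS):
        print(f"{user} (left {left_on}): {', '.join(issues)}")
```

Run against real exports, the 'logon_after_leave' findings are the ones to hand to incident response; the 'still_enabled' ones go straight to the access team.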