By Carl Weiss
Everyone has heard of the ghost in the machine, right? You know the one about the person who use to work at your company who did something that had a major impact on the way things work? Now everyone has to follow some rule or methodology just to make sure things go as planned. Their legacy, good or bad permanently changed things forever. Well, today’s blog is a twist on that theme. We explore the problems that occur as the result of employees being fired or put out to pasture. Like it or not, having to deal with the digital footprints left by former staffers can be problematic to say the least. In the best case scenario, someone needs to be assigned to pick up where they left off in areas such as social networking, file management and even online security. In the worst case, former employees have been known to rifle their employer’s server, plant malware or even lock their former bosses out of their own systems. Before you start experiencing digital things that go bump in the night, let’s take a hard look at a number of cases involving the ghosts of employees past.
Terminated Employee Turns Terminator
In 2010, a major defense contractor (Lockheed) had its email system crashed for six hours after one terminated employee sent 60,000 coworkers a personal email laced with malware. The contractor was then forced to fly in a Microsoft rescue squad to repair the damage.
|Courtesy of |
More recently, a terminated computer technician at a New York publisher (Forbes) caused five of the publisher’s servers to crash. As a result all the information that had been stored on the servers was erased and none of the data was able to be restored. The losses sustained were in excess of $100,000.
If you think that’s bad, an engineering firm suffered $10 million in losses when a terminated network manager unleashed a data bomb in the network he helped create.
Bear in mind that the defense contractor, the publisher and the engineering firm were all major players that had in their employ teams of skilled programmers and technicians whose job it was to safeguard their electronic assets. If they’re vulnerable to attack by former insiders, what do you think that says about the cyber security of smaller firms?
Beyond eSabotage – The Attack Becomes Personal
Far from being relegated to eSabotage, disgruntled former employees have been known to get personal when they are out for revenge. A blog by hitc.com called, “10 Ways Fired Employees Got Revenge on their Bosses,” included the following:
“A former IT manager received a suspended jail sentence for illegally hacking into his old company’s IT systems and rigging his former boss’s Powerpoint presentation to display
“An unhappy ex-employee who was made redundant, hacked into his bosses email and sent obscene messages to the senior management team and the company
“A disgruntled ex-employee posted a listing for 'free household and garage contents', quoting his former boss's address. The listing claimed the homeowners were moving to Puerto Rico and didn't want to keep anything. The ad indicated anyone could come down and take whatever they want. Investigators say the listing gave directions to the home, and even provided the garage code.”
“An angry employee who was given 4 weeks notice used the company credit card to get a year’s supply of 'male enhancement' pills delivered to a variety of senior staff around the office.”
Are you starting to detect a pattern here? Hell hath no fury like an employee burned. Terminated employees have been known to do everything from destroying equipment or a company’s reputation, to taking out their frustration on bosses or coworkers who they feel were responsible for their downfall. In today’s wired world, it’s all too easy for anyone to talk trash online. Worse is when an ex-employee has uncovered a boss or coworker’s password in order to make it seem as though the victim is the one who was talking trash.
While terminating an employee is always an unpleasant task, it is important to remember that not all those who are fired are going to take the matter lying down. The problem is that while most businesses have some form of hiring manual, I have yet to see a company create a firing manual. Aside from brushing off the psychological shock to the system that being terminated has on most people, the majority of HR departments in businesses large and small as a rule shrug off creating procedures that can mitigate the damage likely to be caused by former employees.
Things to do Before Terminating Someone
It goes without saying that all companies need to have a policy manual spelling out employee conduct and also have a plan in place that deals with both good and bad employee conduct. It not only need to spell out what the negative behaviors are, but what to do when an employee is acting in a negative way. I suggest that any time an employee steps out of line, that an entry of their behavior be recorded in the file and that they be brought in for review and then be put on probation. This review needs to spell out the consequences and it is at this point (way before eSabotage can take place) that safeguards be put in place to protect the company and monitor the employee further. Have a plan to try and improve the performance. Your Discipline needs to be progressive in nature. You also have to make sure you are not firing anyone because of age, sex, race, religion, disability or national origin because doing so can lead to a very expensive lawsuit. You cannot fire someone for revenge for exposing your behavior as well. Also employee policies cannot be cherry picked or selectively enforced in any way, this too can lead to a law suit. Make sure you have a consensus of all departments and those depended on that employees work. Understand the full consequences of firing that person. Once you have covered all your bases from a policy and procedure aspect, make sure you now look at your IT security and other data vulnerabilities.
Take Care of These Top Five Security Risks
Here are the top 5 items that need to be addressed before any employee is given his or her walking papers:
1. How much access does the employee have to the company’s servers and intranet?
2. What kind of company communication is the employee privy to?
3. Does the employee have a company-issued smartphone, tablet or laptop?
4. How long will it take you to change or delete all related company passwords?
5. What email lists, customer lists and company intranets does the employee have access?
While every company automatically restricts an ex-employees access to the company’s premises and bank accounts, you’d be surprised to learn how few conduct an audit of all the electronic means through which an employee can gain access to potentially disruptive technology. Don’t find out the hard way like the folks who manage Chicago O’Hare Airport. In September 2014, more than 2,000 flights were cancelled and pandemonium ensued when an employee who was facing a transfer, sabotaged the air traffic control center after posting a suicide note on Facebook.
A quote from Business Insider read:
“Authorities say a contract employee started a fire Friday morning in the basement of a control center in the Chicago suburb of Aurora and then attempted to commit suicide by slashing his throat. Brian Howard, 36, of Naperville, was charged with destruction of aircraft or aircraft facilities, a felony. The FBI said Howard remains hospitalized and no court date has been scheduled.”
“As of midday Saturday, total Chicago flight cancelations for the day stood at more than 700 — still a damagingly high number, but an improvement. Southwest Airlines, the dominant carrier at Midway, had hoped to resume a full flight schedule Saturday, but had to cancel all flights between 10 a.m. and 2 p.m. CDT.”
“Lines remained long at O'Hare, which is a major U.S. hub. Many travelers stranded overnight slept on cots provided by the airport, in scenes reminiscent of winter storm disruptions.”
Neither the FBI nor the TSA had any comment to make regarding the incident. Republican Senator Mark Kirk had this to say:
"Chicago O'Hare International Airport cannot be brought to a screeching halt. I want to see not only an immediate review by the FAA of the screening process at the Chicago Air Route Traffic Control Center in Aurora, but also a report within 30 days outlining changes the FAA will make to prevent any one individual from having this type of impact on the heart of the United States economy."
The moral of the story is that even after spending billions of dollars to keep out terrorists and hijackers, all it took to shut down one of the world’s busiest airports was a disgruntled employee with a gas can and a match. With that in mind, if you own or manage a business that hires and fires, you need to take steps to ensure your firm isn’t blindsided by the ghosts of employees past.
In this article I have explored many of the dangers businesses inherited when they adopted the electronic rich internet connected world we live in today. Since all companies have some form of electronic infrastructure, all are vulnerable in some way to electronic Sabotage (eSabotage). This article provides many examples of how employees who were fired created mass havoc for the companies they left by sabotaging that companies email systems and servers. Many links and details are provided for the reader to explore this subject further.
If you found this article useful please share it with your friends, family and co-works. If you would like to learn more about this subject, visit the notes page on this blog for the BlogTalkRadio show dated 6/29/15. I recommend check out "Cyberstalking for Fun & Profit - Is There a Cyber Stalker in Your Future?" or "Your Online Reputation Can Either Make You or Break You". You can also search for other related articles by typing in “internet security” in the search box in the upper left hand corner of this blog.
If you'd like a free copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form below and give you immediate access to it. Your information is always kept private and is never sold.
Carl Weiss is president of Working the Web to Win, an award-winning digital marketing agency based in Jacksonville, Florida. You can listen to Carl live every Tuesday at 4 p.m. Eastern on BlogTalkRadio.