July 17, 2015
The Ghost of Christmas Past is a character everyone has heard of, I’m sure? Well, today’s blog is a twist on that theme as we explore the problems that occur as the result of employees being fired or put out to pasture. Like it or not, having to deal with the digital footprints left by former staffers can be problematic to say the least. In the best case scenario, someone needs to be assigned to pick up where they left off in areas such as social networking, file management and even online security. In the worst case, former employees have been known to rifle their employer’s server, plant malware or even lock their former bosses out of their own systems. Before you start experiencing digital things that go bump in the night, let’s take a hard look at a number of cases involving the ghosts of employees past.
Working the Web of Deceit
A major defense contractor (Lockheed) had its e-mail system crashed for six hours after one terminated employee sent 60,000 co-workers a personal e-mail laced with malware. The contractor was then forced to fly in a Microsoft rescue squad to repair the damage.
A terminated computer technician at a New York publisher (Forbes) caused five of the publisher’s servers to crash. As a result all the information that had been stored on the servers was erased and none of the data was able to be restored. The losses sustained were in excess of $100,000.
If you think that’s bad, an engineering firm suffered $10 million in losses when a terminated network manager unleashed a data bomb in the network he helped create.
In the cases of the defense contractor, the publisher and the engineering firm, all major players that had in their employ teams of skilled programmers and technicians whose job it was to safeguard their electronic assets. If they’re vulnerable to attack by former insiders, what do you think that says about the cyber security of smaller firms?
When the Attack Becomes Personal
eSabotage is not the only method disgruntled former employees have been known to use — some get personal when they are out for revenge. A blog by hitc.com called, “10 Ways Fired Employees Got Revenge on their Bosses,” included the following:
“A former IT manager received a suspended jail sentence for illegally hacking into his old company’s IT systems and rigging his former boss’s Powerpoint presentation to display pornographic photos.”
“An unhappy ex-employee who was made redundant, hacked into his bosses e-mail and sent obscene messages to the senior management team and the company board.”
“A disgruntled ex-employee posted a listing for ‘free household and garage contents’, quoting his former boss’s address. The listing claimed the homeowners were moving to Puerto Rico and didn’t want to keep anything. The ad indicated anyone could come down and take whatever they want. Investigators say the listing gave directions to the home, and even provided the garage code.”
“An angry employee who was given four weeks notice used the company credit card to get a year’s supply of ‘male enhancement’ pills delivered to a variety of senior staff around the office.”
Notice the pattern here? Hell hath no fury like an employee burned. Terminated employees have been known to do everything from destroying equipment or a company’s reputation, to taking out their frustration on bosses or co-workers who they feel were responsible for their downfall. In today’s wired world, it’s all too easy for anyone to talk trash online. Worse is when an ex-employee has uncovered a boss or co-worker’s password in order to make it seem as though the victim is the one who was talking trash.
Although firing an employee is never a pleasant task, it is important to remember that not all those who are fired are going to take the matter lying down. The problem is that while most businesses have some form of hiring manual, I have yet to see a company create a firing manual. Aside from brushing off the psychological shock to the system that being terminated has on most people, the majority of HR departments in businesses large and small as a rule shrug off creating procedures that can mitigate the damage likely to be caused by former employees.
Locking the Barn Door
The following are the top five items that need to be addressed before any employee is given his or her walking papers:
- Does the employee have to the company’s servers and intranet?
- What company communication is the employee privy to?
- Does the employee have a company-issued Smartphone, tablet or laptop?
- How long will it take you to change or delete all related company passwords?
- What e-mail lists, customer lists and company intranets does the employee have access?
Although companies automatically restricts an ex-employees access to the company’s premises and bank accounts, you’d be surprised to learn how few conduct an audit of all the electronic means through which an employee can gain access to potentially disruptive technology. Don’t find out the hard way like the folks who manage Chicago O’Hare Airport. In September 2014, more than 2,000 flights were cancelled and pandemonium ensued when an employee who was facing a transfer, sabotaged the air traffic control center after posting a suicide note on Facebook.
As ‘Business Insider’ (http://www.businessinsider.com/a-suicidal-workers-sabotage-allegedly-grounded-2000-flights-2014-9#ixzz3eIrR6ktU) says:
“Authorities say a contract employee started a fire Friday morning in the basement of a control center in the Chicago suburb of Aurora and then attempted to commit suicide by slashing his throat. Brian Howard, 36, of Naperville, was charged with destruction of aircraft or aircraft facilities, a felony. The FBI said Howard remains hospitalized and no court date has been scheduled.”
“As of midday Saturday, total Chicago flight cancelations for the day stood at more than 700 — still a damagingly high number, but an improvement. Southwest Airlines, the dominant carrier at Midway, had hoped to resume a full flight schedule Saturday, but had to cancel all flights between 10 a.m. and 2 p.m. CDT.”
“Lines remained long at O’Hare, which is a major U.S. hub. Many travelers stranded overnight slept on cots provided by the airport, in scenes reminiscent of winter storm disruptions.”
While the FBI and the TSA had no comment to make regarding the incident, Republican Senator Mark Kirk had this to say:
“Chicago O’Hare International Airport cannot be brought to a screeching halt. I want to see not only an immediate review by the FAA of the screening process at the Chicago Air Route Traffic Control Center in Aurora, but also a report within 30 days outlining changes the FAA will make to prevent any one individual from having this type of impact on the heart of the United States economy.”
Despite spending billions of dollars to keep out terrorists and hijackers, all it took to shut down one of the world’s busiest airports was a disgruntled employee with a gas can and a match. With that in mind, if you own or manage a business that hires and fires, you need to take steps to ensure your firm isn’t blindsided by the ghosts of employees past.
Carl Weiss has been working the web to win since 1995 and has helped hundreds of companies increase their online results. He is president of W Squared Media and co-host of the weekly radio show Working the Web to Win which airs Tuesdays at 4pm Eastern on BlogTalkRadio.com. Click here to get his latest book "Working The Web to Win: When it comes to online marketing, you can't win, if you don't know how to play the game!".