Wednesday, January 20, 2010

Bill's Recommendations - Mitigating an Employee Termination

As an Information Security professional, one of your major duties will involve mitigating risk to your organization's IT infrastructure. Those risks are both external and internal. Believe it or not, you are more likely to suffer an internal attack than an external one. The internal threat commonly arises at the time of an employee's termination. Here are some scary statistics for you to look at from a blog over at A common theme from research I have done revolves around communication issues between Human Resources (HR) and Information Technology (IT) departments.

Here's a scenario to consider:


You're a Network Administrator for a local company. Every morning (or evening!) you come in and check your email, grab some coffee or Mt. Dew, check your email again, and start to perform your everyday duties of monitoring, working with resources and Active Directory, and backup duties, along with the mountain of projects all IT people have. But I digress......

As you are walking through the halls you notice an office or cube that was previously occupied is empty. You proceed to ask the neighbor closest to them who was in there and the reply is, "Oh, didn't you hear? Joe (or Jane) left the company last week." -OR- "Oh, didn't you hear? Joe (or Jane) was fired last week and made a big scene. It was like watching a bad soap opera......." BUT you stop listening because you are in panic mode, right?!?! Your network has had a possible security breach for that period of time and it's still happening right now. You rush off to your HR department to verify.


This situation can be mitigated by opening the communication channels between HR and IT. Begin by educating the HR department on the threats and risks to data and resources that come with delaying notification to IT of an employee termination. Work with them on a notification process and a timetable within which they need to notify IT.

Here are some suggested steps to follow when alerted of a pending termination:

1. Immediately disable the employee's user accounts and access to resources. DO NOT DISCUSS WITH ANYONE! It is imperative that confidentiality be maintained during this process. You do not want to alert the employee to pending action(s) because they may begin malicious activities such as deleting data or becoming violent in the workplace.

2. Inform HR that access has been disabled. Request that security or management be present at the time of action. It is important that a procedure be in place for this part. A best practice would be to instruct the employee to cease current activity and to back away from the system, and then be escorted to HR. The employee should be escorted to and from any point during the termination phase.

3. Perform a full backup and audit of the system. It's also a good idea to check for any encryption software that may be installed. This could bite you badly if the system is turned off and the encryption software requires a password. If encryption exists, request/require that the employee provide the keys used for encrypting and decrypting.
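One way to check for the gap described in the scenario above, as an added example that is not part of the original post: it reconciles an HR termination list against a directory account export and flags accounts that stayed enabled, or that logged on, after the termination time. The CSV layouts, the `owner_id` column, and all IDs and account names are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample data. Column names, IDs and account names are assumptions
# for this example, not a real HR or directory export format.
HR_TERMINATIONS = """employee_id,terminated_at
1001,2010-01-13T09:00:00
1002,2010-01-19T16:30:00
"""

DIRECTORY_ACCOUNTS = """username,owner_id,enabled,last_logon
jdoe,1001,true,2010-01-18T22:14:00
jdoe-admin,1001,true,2010-01-10T11:00:00
jsmith,1002,false,2010-01-19T08:05:00
akhan,1003,true,2010-01-20T07:55:00
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def _hours(delta):
    return max(0, int(delta.total_seconds() // 3600))


def reconcile(hr_csv, directory_csv, now):
    """Flag accounts owned by terminated employees that are still enabled
    or that show a logon after the termination time."""
    terminated = {r["employee_id"]: datetime.fromisoformat(r["terminated_at"])
                  for r in _rows(hr_csv)}
    findings = []
    for acct in _rows(directory_csv):
        term = terminated.get(acct["owner_id"])
        if term is None:
            continue  # owner is not on the HR termination list
        # Every account the person owns counts, not only the primary login.
        if acct["enabled"].strip().lower() == "true":
            findings.append((acct["username"], "STILL_ENABLED", _hours(now - term)))
        last = acct["last_logon"].strip()
        if last and datetime.fromisoformat(last) > term:
            gap = datetime.fromisoformat(last) - term
            findings.append((acct["username"], "LOGON_AFTER_TERMINATION", _hours(gap)))
    return findings


if __name__ == "__main__":
    now = datetime(2010, 1, 20, 8, 0)
    for user, kind, hours in reconcile(HR_TERMINATIONS, DIRECTORY_ACCOUNTS, now):
        print(f"{user:12} {kind:24} {hours}h after termination")
```

Run on a schedule against real exports, a non-empty result is the signal that HR's notification did not reach IT in time.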

Here are some suggested steps when alerted of a pending voluntary departure:

1. Work on documenting what that employee knows about systems they worked with. I can't tell you how many times I was in a situation where a previous employee knew the ins and outs of a system, network, or wiring infrastructure where there was no documentation when they left or were fired. This can be a major source of frustration for a tech or admin.

2. Ask the employee to train someone on the basics of what they do. This may or may not work, depending on the employee's attitude towards leaving or co-workers. It doesn't hurt to ask.

3. Prepare for the departure. Make a list of assets that will need to be returned and audit afterwards to ensure everything has been returned to the organization. It wouldn't be good to have that $1000 laptop go missing and throw a budget out of whack!

4. Keep the Lines of Communication Open. One never knows when a question may come up that only the former employee would know. Maybe they could become a future consultant?

Every organization handles these situations differently. This post just offers some basic suggestions on how to mitigate a possible internal threat to your data and network infrastructure. Here are some links to additional information, both really good articles:

How to Fire an Employee - By Andy Weeks

Don't Overlook This Easy-To-Miss Security Threat - By Michelle Hamilton

Friday, January 1, 2010

Bill's Recommendations - It's Book Time! - One Second After

Stop for a moment, and think about what you are doing this very minute......

You obviously are reading this post and possibly looking at other online media while enjoying your iTunes or whatnot. Somewhere off the coast of or in the U.S., some terrorists or a rogue nation have just launched an attack. It comes in the form of a single missile tipped with a nuke that detonates in the upper atmosphere. At that moment, your laptop, cell phone, lights and pretty much anything plugged in shuts off and never turns back on. You are just fine, so you wonder what just happened. You also find that your car no longer starts. Something bad HAS happened, and you don't even know. Communication is cut, transportation is cut, and panic soon sets in.

Folks, Electro-Magnetic Pulse, or EMP for short, is a real threat to anything with a microchip in it. It's a major security issue and should be handled as such. Most people think that the threat is possible but not likely, so money and time are not invested in retrofitting or "hardening" our infrastructure. We are all dependent on technology that we have grown accustomed to and, in some cases, cannot live without; that should scare us all enough to want to act.

I recommend that you go to your local library and ask for or download to your Sony or Kindle eReader the book titled, "One Second After" by William Forstchen and read it (ISBN-10:0-7653-1758-3). I couldn't put it down because it really made me stop and think about how dependent we as a society are on technology and how easy it can be to become disconnected with everyone around us. This book is a Sci-Fi novel, but the information it is based upon is real. I enjoyed this book because it's the first novel I have read in a while that actually interested me enough to continue to read to the end and even recommend. I hope you find it as good as I did.

It's Official - Acer is now my laptop of choice

It's been a couple of weeks since I have posted anything. The holidays tend to be a busy time for my family and me. The other reason has been that my Acer laptop suffered a hard disk failure.

This morning I woke up and was determined that I could be on the phone for at least an hour running through test after test and speaking with someone I could barely understand.

I spent a total of less than 10 minutes and I have a replacement part on the way within 3-8 business days. AMAZING!!! If this was Dell (sorry Dell, but last I spoke with support, it was ridiculous.) I would still be on the phone arguing about not having to send the whole laptop back for a customer verified replacement part.

Acer products continue to amaze me as far as quality, value and service. I highly recommend that if you are looking at purchasing a notebook, that you give them a try.