Corporate Information Security during Layoffs - What will get stolen

A recent study confirmed the long known fact - any employee that is being fired will try to steal something from his now ex-employer.

While 20 years ago one the companies had to worry about stolen petty cash or office supplies, today such items are not the target of the disgruntled ex-employee. Instead, especially in IT companies the laid off employee will try to:

  1. steal corporate information or documents
  2. steal confidential data,
  3. create some form of flaw in the system that will hurt his ex-employer
  4. all of the above

When dismissing a single employee one can make provisions so that no damage is done - locking out his accounts, security guard being present when clearing the desk etc.

Performing the same amount of diligence when laying off hundreds or thousands of employees is much more difficult. For example, Nortel announced that they'll be laying off more then 3,200 employees. So while HR departments do the headcount and select the redundant, there will be a window of several days to several weeks for a lot of insecure employees to become instant corporate spies undercover system vandals, or a combination of both.

Corporations will soon find that the only defense against such employees is the currently implemented system security and procedures, which will deter any attempts to steal information or assets undetected. And only now will they find out that all the cost cutting on audit systems and data encryption and information protection was not worth the saved amount.

So, what piece of information will get stolen next?

Talkback and comments are most welcome

Related posts
6 steps to securing your backup media
8 Tips for Securing from the Security experts
Be Aware of Security Risks of USB Flash Drives

2 comments:

Liza said...

You bring up a great point, I haven't actually thought about it before. For people working at a company with lots of classified information, the NDA becomes close to worthless once they don't actually work for the company anymore.

Bozidar Spirovski said...

The NDA is worth nothing even for current employees if you can't identify the person who breached the NDA
That's where security processess comes in

Designed by Posicionamiento Web