The Ghosts of Employees Past

By Carl Weiss

Everyone has heard of the Ghost of Christmas Past, right?  Well, today’s blog is a twist on that theme as we explore the problems that occur as the result of employees being fired or put out to pasture.  Like it or not, having to deal with the digital footprints left by former staffers can be problematic to say the least.  In the best case scenario, someone needs to be assigned to pick up where they left off in areas such as social networking, file management and even online security.  In the worst case, former employees have been known to rifle their employer’s server, plant malware or even lock their former bosses out of their own systems.  Before you start experiencing digital things that go bump in the night, let’s take a hard look at a number of cases involving the ghosts of employees past.

Working the Web of Deceit

In 2010, a major defense contractor (Lockheed) had its email system crashed for six hours after one terminated employee sent 60,000 coworkers a personal email laced with malware  The contractor was then forced to fly in a Microsoft rescue squad to repair the damage.

More recently, a terminated computer technician at a New York publisher (Forbes) caused five of the publisher’s servers to crash.  As a result all the information that had been stored on the servers was erased and none of the data was able to be restored. The losses sustained were in excess of $100,000.

If you think that’s bad, an engineering firm suffered $10 million in losses when a terminated network manager unleashed a data bomb in the network he helped create.

Bear in mind that the defense contractor, the publisher and the engineering firm were all major players that had in their employ teams of skilled programmers and technicians whose job it was to safeguard their electronic assets.  If they’re vulnerable to attack by former insiders, what do you think that says about the cyber security of smaller firms?

When the Attack Becomes Personal

Far from being relegated to eSabotage, disgruntled former employees have been known to get personal when they are out for revenge.  A blog by hitc.com called, “10 Ways Fired Employees Got Revenge on their Bosses,” included the following:

“A former IT manager received a suspended jail sentence for illegally hacking into his old company’s IT systems and rigging his former boss’s Powerpoint presentation to display pornographic photos.”

“An unhappy ex-employee who was made redundant, hacked into his bosses email and sent obscene messages to the senior management team and the company 
board.”

“A disgruntled ex-employee posted a listing for 'free household and garage contents', quoting his former boss's address. The listing claimed the homeowners were moving to Puerto Rico and didn't want to keep anything. The ad indicated anyone could come down and take whatever they want. Investigators say the listing gave directions to the home, and even provided the garage code.”

“An angry employee who was given 4 weeks notice used the company credit card to get a year’s supply of 'male enhancement' pills delivered to a variety of senior staff around the office.”

Are you starting to detect a pattern here?  Hell hath no fury like an employee burned.  Terminated employees have been known to do everything from destroying equipment or a company’s reputation, to taking out their frustration on bosses or coworkers who they feel were responsible for their downfall.  In today’s wired world, it’s all too easy for anyone to talk trash online.  Worse is when an ex-employee has uncovered a boss or coworker’s password in order to make it seem as though the victim is the one who was talking trash.

While terminating an employee is always an unpleasant task, it is important to remember that not all those who are fired are going to take the matter lying down.  The problem is that while most businesses have some form of hiring manual, I have yet to see a company create a firing manual.  Aside from brushing off the psychological shock to the system that being terminated has on most people, the majority of HR departments in businesses large and small as a rule shrug off creating procedures that can mitigate the damage likely to be caused by former employees.

Locking the Barn Door

Here are the top 5 items that need to be addressed before any employee is given his or her walking papers:

1.      How much access does the employee have to the company’s servers and intranet?
2.      What kind of company communication is the employee privy to?
3.      Does the employee have a company-issued smartphone, tablet or laptop?
4.      How long will it take you to change or delete all related company passwords?
5.      What email lists, customer lists and company intranets does the employee have access?

While every company automatically restricts an ex-employees access to the company’s premises and bank accounts, you’d be surprised to learn how few conduct an audit of all the electronic means through which an employee can gain access to potentially disruptive technology.  Don’t find out the hard way like the folks who manage Chicago O’Hare Airport.  In September 2014, more than 2,000 flights were cancelled and pandemonium ensued when an employee who was facing a transfer, sabotaged the air traffic control center after posting a suicide note on Facebook.

A quote from Business Insider read:
“Authorities say a contract employee started a fire Friday morning in the basement of a control center in the Chicago suburb of Aurora and then attempted to commit suicide by slashing his throat. Brian Howard, 36, of Naperville, was charged with destruction of aircraft or aircraft facilities, a felony. The FBI said Howard remains hospitalized and no court date has been scheduled.”
“As of midday Saturday, total Chicago flight cancelations for the day stood at more than 700 — still a damagingly high number, but an improvement. Southwest Airlines, the dominant carrier at Midway, had hoped to resume a full flight schedule Saturday, but had to cancel all flights between 10 a.m. and 2 p.m. CDT.”
“Lines remained long at O'Hare, which is a major U.S. hub. Many travelers stranded overnight slept on cots provided by the airport, in scenes reminiscent of winter storm disruptions.”

Neither the FBI nor the TSA had any comment to make regarding the incident.  Republican Senator Mark Kirk had this to say:
"Chicago O'Hare International Airport cannot be brought to a screeching halt.  I want to see not only an immediate review by the FAA of the screening process at the Chicago Air Route Traffic Control Center in Aurora, but also a report within 30 days outlining changes the FAA will make to prevent any one individual from having this type of impact on the heart of the United States economy."

The moral of the story is that even after spending billions of dollars to keep out terrorists and hijackers, all it took to shut down one of the world’s busiest airports was a disgruntled employee with a gas can and a match.  With that in mind, if you own or manage a business that hires and fires, you need to take steps to ensure your firm isn’t blindsided by the ghosts of employees past. 

No comments:

Post a Comment