Identifying and analysing the risk to your organisation from a disgruntled former employee is an extension of the overall risks your systems face every day. Unfortunately, for many organisations, a comprehensive risk and vulnerability analysis is often beyond budgetary constraints. However, there are some common steps that you can pursue.
Begin by identifying your exposure or vulnerability based on a comprehensive audit of your information system assets. Then, analyse these assets for weaknesses based on the three primary components of information system security:
- Confidentiality: Assurance that the organisation´s information assets aren´t disclosed inappropriately.
- Integrity: Assurance of the accuracy and reliability of information system assets.
- Availability: Assurance that information system assets are available in a timely, reliable, and predictive manner.
Next, consider the cost or impact of a breach in each category to identify your risk priorities. To do this, ask yourself the following questions:
- What is the value of the asset?
- How complicated would it be to compromise the asset?
- What is the probability for the threat to occur?
- What is the cost if the asset is compromised?
- How difficult would it be to recover the asset?
Finally, take steps to mitigate these risks. These steps will range from locking down application security to removing physical access to system assets.
The key to protecting the organisation from inappropriate actions of a dismissed employee is speed and preparation. Personnel situations usually don´t allow you ample time to prepare; therefore, this is where your planning will pay off. For example, you should take the following actions within the first couple of hours following an employee separation:
- Remove physical access to IT assets.
- Revoke network, Web, and application authorisation/authentication.
- Isolate systems. (This could mean removal of VPN, modem, or other access.)
- Seek the return of all company assets.
- Perform a risk assessment of the individual with the employee´s supervisor and coworkers.
- Conduct an exit interview, during which you can also assess risk.
- Assure that the individual leaves the work location as soon as possible.
- Assign a responsible resource to accompany this employee at all times.
- Audit the employee´s workstation and work area to determine the risk level.
- Notify fellow staff members of the termination.
- Perform a safety assessment with appropriate precautions to ensure that your coworkers are safe.
- Review incident response plans and keep them at the ready.
While many of the steps may appear harsh, so is the impact of inappropriate actions. Preparation can make all the difference.
Scott Withrow has more than 20 years of IT experience, including IT management, Web development management, and internal consulting application analysis.
