Action Plan: Step up monitoring and shut down access as quickly as possible to make sure no intellectual property leaks out.
Security Manager's Journal: Massive layoff is a security issue
It's not easy knowing that 1,000 people will lose their jobs. And it's no picnic making sure that no IP is lost in the process.
Computerworld - It's been a rough week. Today, my company announced a 15% cut in its workforce, or about 1,000 employees.
Naturally, I knew this well before today. Layoffs are never easy, and it can be agonizing to come into contact with co-workers -- some of them friends -- and say nothing, despite knowing that they will lose their jobs in a few days. But as the security officer, I needed to be privy to the list ahead of time because I had to take steps to ensure continued security.
My first task was to identify any layoff candidates who represented single points of failure, meaning they were the only employees who could perform a particular critical job function. Single points of failure, human or otherwise, are a bad idea. But it happens, and it's better to recognize them in advance than to realize your mistake after they've left the company.
I was also expected to identify employees who could pose a danger to themselves, others or company resources. This isn't really something that involves information security, but the "security" label in my title has drawn me into some areas related to physical security.
Finally, I had to secure our intellectual property. While some employees were asked to stay for one to three months, many were told to leave immediately. Those employees' accounts had to be terminated as quickly as possible. For example, many of them were service technicians, and we couldn't risk letting any of them retain access to the network and our highly valuable service documentation.
Ahead of the notification, I briefed my security engineers about the pending action and had them pay more attention than usual to our intrusion-detection sensors. Currently, our sensors are positioned to watch traffic running from the Internet to our DMZ and the data center. I wanted to watch for denial-of-service attacks and attempts to gain unauthorized access to our critical systems. I also had some extra rules put in place for our data-leak prevention infrastructure to watch for all PDF files, source code and CAD documents leaving the company, since these three file types represent a large portion of our valuable intellectual property.
We've done this sort of thing before, but never on this scale, and it was a challenge to terminate hundreds of accounts in a very short period of time while minimizing the number of people who would know about the layoffs in advance.
Since we don't have a robust identity management tool, several interfaces must be used to remove access. The most important deactivation is the domain account, since many of our critical business systems are configured with single sign-on. Other systems, such as our SecureID servers, BlackBerry Enterprise Servers and remote access, couldn't be tackled ahead of time. And because we were laying off some network engineers, we had to remove access to resources such as routers, switches and telephony systems that are managed independently of the single sign-on environment, and we had to change all administrative passwords. Some of this was handled in advance by using scripts that kicked in after the notification was announced, but scripts don't always work as anticipated.
Notification day is drawing to a close, and so far we have seen a few sensitive documents being sent to Yahoo addresses -- events that I have started to investigate. Otherwise, everything has been quiet, with all the scripts and account terminations working well. My next task is to figure out how to do more with less, which I'll discuss in my next column.
Join in. To join in the discussions about security, go to computerworld.com/blogs/security.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts