Downsizings leave firms vulnerable to digital attacks
Disgruntled castoffs pose security threat
June 25, 2001 12:00 PM ET, Computerworld
During the current wave of corporate layoffs, companies should be extra vigilant about digital sabotage by disgruntled ex-employees, according to security analysts. As employers pare down their payrolls to cut costs, many companies may unwittingly be leaving themselves vulnerable to hostile actions by discharged workers, including theft of confidential company information, illegal use of a company's IT resources and hidden "logic-bombs" that can destroy vital data.
"During times of an economic slowdown, it is common to see an increase in security incidents" caused by frustrated and hostile former employees, said Michael Rasmussen, an analyst at Giga Information Group Inc. in Boston.
That's why it's generally a good idea to thoroughly beef up existing security processes just before, during and immediately after large-scale layoffs, analysts said.
Common mistakes that contribute to the problem include a failure to disable the passwords and accounts of former employees, a lack of formal rules for the return of company laptops and handhelds and a failure to plug holes that make it possible for an ex-employee to exploit a former colleague's user account to gain illegal access.
Such problems are exacerbated during times of mass layoffs, particularly when IT staffers are given little advance notice and don't have enough time to finish the technical chores necessary to prevent sabotage, said Chris Wysopal, a director at @Stake Inc., a Cambridge, Mass.-based security firm that last week issued an advisory on the subject.
"If you don't have a very good termination policy and good record keeping of all the different access points that people had as employees, you are going to miss something," Wysopal said.
"Unfortunately, though, a lot of the time we hear from companies wanting to tighten their firewalls and intrusion-detection systems only when they are actually laying off people," he added.
Security at Stake
@Stake's guidelines for limiting threats from disgruntled former employees:
MAINTAIN a log of all the perimeter connections made by employees. When someone leaves, it becomes easier to identify and close the holes this way.
CHECK for and close unofficial accounts that may have been set up by employees.
TERMINATE user accounts and disable passwords.
WORK together with all relevant departments to ensure smooth implementation of security processes.
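The MAINTAIN, CHECK and TERMINATE guidelines above can be turned into a repeatable offboarding audit. The following is an added example, not code from the article or from @Stake's advisory; the roster, account inventory and perimeter log are constructed sample data, and all names and field layouts are assumptions.

```python
from datetime import date

# Constructed sample data (not from the article).
HR_ROSTER = {  # employee id -> termination date, or None if still employed
    "e100": None,
    "e101": date(2001, 6, 15),
    "e102": date(2001, 6, 15),
}
ACCOUNTS = [  # (system, account, owner employee id or None, enabled)
    ("vpn", "asmith", "e100", True),
    ("vpn", "bjones", "e101", True),
    ("mail", "bjones", "e101", False),
    ("unix", "cdoe", "e102", False),
    ("unix", "buildtest", None, True),
]
PERIMETER_LOG = [  # (day, system, account)
    (date(2001, 6, 14), "vpn", "bjones"),
    (date(2001, 6, 18), "vpn", "bjones"),
    (date(2001, 6, 18), "vpn", "asmith"),
]

def audit(roster, accounts, log):
    """Return findings mapped to the TERMINATE, CHECK and MAINTAIN guidelines."""
    owner = {(s, a): o for s, a, o, _ in accounts}
    findings = {"still_enabled": [], "unofficial": [], "post_exit_logins": []}
    for system, account, emp, enabled in accounts:
        if emp not in roster:
            # CHECK: no HR owner on record, so treat as a candidate unofficial account.
            findings["unofficial"].append((system, account))
        elif roster[emp] is not None and enabled:
            # TERMINATE: owner has left but the account is still enabled.
            findings["still_enabled"].append((system, account))
    for day, system, account in log:
        left = roster.get(owner.get((system, account)))
        if left is not None and day > left:
            # MAINTAIN: perimeter connection made after the owner's exit date.
            findings["post_exit_logins"].append((day, system, account))
    return findings

if __name__ == "__main__":
    for kind, rows in audit(HR_ROSTER, ACCOUNTS, PERIMETER_LOG).items():
        print(kind, rows)
```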
Fenwick & West's policy for securing its networks after an employee leaves depends on the job role and level of access that