Comments on: Former worker sentenced for sabotaging company servers http://www.hrblunders.com/former-worker-sentenced-for-sabotaging-company-servers/ The worst mistakes, catastrophes, and near-misses Sat, 24 Jul 2010 21:23:25 -0400 http://wordpress.org/?v=abc hourly 1 By: Sue D http://www.hrblunders.com/former-worker-sentenced-for-sabotaging-company-servers/comment-page-1/#comment-5263 Sue D Thu, 06 Nov 2008 22:49:10 +0000 http://www.hrblunders.com/?p=411#comment-5263 No position in the company, should have the "keys to their kingdom". All key positions, have access to sensitive data, that no one else has. The most sensitive position is IT. Every position should have it's backup, with security access codes to websites, account numbers, etc. This is just good business. IT is no different. Even if it's a binder or a CD, or something that is locked up, just in case the employee gets hit by a bus. This should be a no-brainer for any company, no matter what size! The damage done or the lack of work you're able to do by an ex-employee or an employee that gets hit by a bus can be "examined" when you work through your disaster recovery plan. If you don't have your ducks in a row now, this is a good way to cover your intentions and get it done without alarming anyone. Call a meeting of your executive staff, and run through disaster scenarios. What if the CFO get's hit by a bus, who has his access? who else can sign checks? Who is authorized to add people to accounts. What if the CIO get's hit by a bus? Who has the passwords, etc?. Whether you are intending to fire someone or not, this is a good way to avert a disatrous situation down the road. No position in the company, should have the “keys to their kingdom”. All key positions, have access to sensitive data, that no one else has. The most sensitive position is IT. Every position should have it’s backup, with security access codes to websites, account numbers, etc. This is just good business. IT is no different. Even if it’s a binder or a CD, or something that is locked up, just in case the employee gets hit by a bus. This should be a no-brainer for any company, no matter what size! The damage done or the lack of work you’re able to do by an ex-employee or an employee that gets hit by a bus can be “examined” when you work through your disaster recovery plan. If you don’t have your ducks in a row now, this is a good way to cover your intentions and get it done without alarming anyone. Call a meeting of your executive staff, and run through disaster scenarios. What if the CFO get’s hit by a bus, who has his access? who else can sign checks? Who is authorized to add people to accounts. What if the CIO get’s hit by a bus? Who has the passwords, etc?. Whether you are intending to fire someone or not, this is a good way to avert a disatrous situation down the road.

]]> By: Beverly C http://www.hrblunders.com/former-worker-sentenced-for-sabotaging-company-servers/comment-page-1/#comment-5241 Beverly C Wed, 05 Nov 2008 22:02:08 +0000 http://www.hrblunders.com/?p=411#comment-5241 A one-man/woman IT shop is a liability for any organization. Most IT consultants recommend that you have at least two people who know your IT set up and all its passwords, settings and controls. What would you do if your IT admin got hit by a truck? Who'd have the "keys" to the kingdom then? Best idea: Have either your new IT person or a temp with IT skills on hand when you decide to terminate the administrator. Make sure the new person has the know-how to change settings, passwords and take the hand off from the departing staffer. And then make sure your firewall's in place to protect you from outside penetration by a disgruntled former employee. Eliminate any accounts and change all passwords your old admin used. This wasn't done recently by a California company, where the ex-IT manager was able to log onto his former employer's network five months after being fired (he used an old password that had been valid before he was fired and, to his disbelief, the company had no firewall and the passwords were never changed.) He opened the email server up to spammers. Employees wound up not being able to send or receive email or look up old messages for days, and the company was also blacklisted by an anti-spam organization. The lesson: Be careful who you hire or fire from IT jobs. A one-man/woman IT shop is a liability for any organization. Most IT consultants recommend that you have at least two people who know your IT set up and all its passwords, settings and controls. What would you do if your IT admin got hit by a truck? Who’d have the “keys” to the kingdom then?

Best idea: Have either your new IT person or a temp with IT skills on hand when you decide to terminate the administrator. Make sure the new person has the know-how to change settings, passwords and take the hand off from the departing staffer. And then make sure your firewall’s in place to protect you from outside penetration by a disgruntled former employee. Eliminate any accounts and change all passwords your old admin used.

This wasn’t done recently by a California company, where the ex-IT manager was able to log onto his former employer’s network five months after being fired (he used an old password that had been valid before he was fired and, to his disbelief, the company had no firewall and the passwords were never changed.) He opened the email server up to spammers. Employees wound up not being able to send or receive email or look up old messages for days, and the company was also blacklisted by an anti-spam organization.

The lesson: Be careful who you hire or fire from IT jobs.

]]> By: Kathleen http://www.hrblunders.com/former-worker-sentenced-for-sabotaging-company-servers/comment-page-1/#comment-5240 Kathleen Wed, 05 Nov 2008 21:10:04 +0000 http://www.hrblunders.com/?p=411#comment-5240 We have one IT Systems Administrator. How would you go about blocking his access so this person wouldnt be able to do any damage? This person is the only one who has control over all of our IT operations. Would you hire someone to come in before the termination and deny the access? Where would you find someone to do this? We have one IT Systems Administrator. How would you go about blocking his access so this person wouldnt be able to do any damage? This person is the only one who has control over all of our IT operations. Would you hire someone to come in before the termination and deny the access? Where would you find someone to do this?

]]> By: R. B. http://www.hrblunders.com/former-worker-sentenced-for-sabotaging-company-servers/comment-page-1/#comment-5181 R. B. Mon, 03 Nov 2008 16:34:43 +0000 http://www.hrblunders.com/?p=411#comment-5181 It's always nice when there are reasonable consequences for destructive actions. His assertion that he only wanted to cause "a small hiccup" just doesn't fly. It's kind of like saying, "I just wanted to hurt him, not kill him" after you've beaten someone to death. Even if the company wasn't totally fair in their treatment of Patel, he was completely unjustified in trying to do them harm. He should have sought legal recourse, assuming any was due, and not taken things into his own hands. It’s always nice when there are reasonable consequences for destructive actions. His assertion that he only wanted to cause “a small hiccup” just doesn’t fly. It’s kind of like saying, “I just wanted to hurt him, not kill him” after you’ve beaten someone to death. Even if the company wasn’t totally fair in their treatment of Patel, he was completely unjustified in trying to do them harm. He should have sought legal recourse, assuming any was due, and not taken things into his own hands.

]]>