Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Employees Admit They'd Walk Out With Stolen Data If Fired

samzenpus posted more than 2 years ago | from the take-this-data-and-shove-it dept.

Businesses 380

Gunkerty Jeb writes "In a recent survey of IT managers and executives, nearly half of respondents admitted that if they were fired tomorrow they would walk out with proprietary data such as privileged password lists, company databases, R&D plans and financial reports — even though they know they are not entitled to it. So, it's no surprise that 71 percent believe the insider threat is the priority security concern and poses the most significant business risk. Despite growing awareness of the need to better monitor privileged accounts, only 57 percent say they actively do so. The other 43 percent weren't sure or knew they didn't. And of those that monitored, more than half said they could get around the current controls."

cancel ×

380 comments

Sorry! There are no comments related to the filter you selected.

Best Pratices (5, Interesting)

Mafiasecurity (2561885) | more than 2 years ago | (#40316885)

I remember reading long time ago in security 101 best practices to remove employee's network privileges a week before they receive the notice. I also know of a big company which had ITSEC work all weekend to remove and change creds so when workers came to work Monday they found themselves now jobless.

Re:Best Pratices (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40316925)

I'm not sure that's really a best practice. Rather than dealing with the risk of data theft, you end up with the risk of them shooting up the building or engaging in non-network sabotage while they still have their access cards.

The best practice here is to remove their access at the moment they're notified and escorted off premises if the data is that important.

Re:Best Pratices (5, Interesting)

black6host (469985) | more than 2 years ago | (#40317701)

The best practice here is to remove their access at the moment they're notified and escorted off premises if the data is that important.

That was SOP at a client I did work with. Nobody in house could handle the changes required to disable access to the systems so when someone was being fired, they let me know and I disabled access early in the morning of the day of their termination.

One time they asked me to do that for a person in a key position and I asked them repeatedly if they were going to terminate the person as soon as they walked in the door the next morning. They assured me, repeatedly, that they would be waiting at the door to take them into the owners office. Of course I had explained the consequences if they didn't (The employee would know before being told, which is a bit rude in my opinion, not to mention if the employee wanted to create a scene before being escorted out the door they'd have time to do it.)

Of course, I get a call first thing in the morning from the person being terminated: "I can't log into the system..." Idiots......

Re:Best Pratices (4, Insightful)

Penguinisto (415985) | more than 2 years ago | (#40316949)

It would depend on the employee, I suspect. As a sr. sysadmin, if my access was cut off, I'd know immediately what was up (since I'd need it for my job), and if I were unscrupulous, I'd have alternate backdoor accounts and backups already in place to suck out all the data that I really wanted. *shrug*.

Employer could always be nice (5, Interesting)

BrokenHalo (565198) | more than 2 years ago | (#40317263)

This survey seems (admittedly without having read TFA) to be skewed by the "if fired" clause. Now, I would have thought most admins would have their privileges revoked if they were being sacked, but here's a question:

How many of us, if on the receiving end of unjust treatment, would honestly not at least entertain the fantasy of "getting back" at that company? Be honest, now.

Thought so.

Since the company invests a lot of trust in its sysadmins, it should at least treat them respectfully, since trust has to work both ways.

Re:Employer could always be nice (5, Interesting)

houstonbofh (602064) | more than 2 years ago | (#40317455)

Been laid off a few times. Most of the time I stayed on and had full access for the two weeks they paid me to stay and do knowledge transfer. I guess it depends on the person...

Re:Best Pratices (1)

Anonymous Coward | more than 2 years ago | (#40317041)

Hello Help Desk? My email password isn't working.
> Yep, says here you've been terminated. Nobody told you?

Re:Best Pratices (5, Funny)

Joe_Dragon (2206452) | more than 2 years ago | (#40317217)

I told those fudge-packers I liked Michael Bolton's music.

Re:Best Pratices (1)

Johann Lau (1040920) | more than 2 years ago | (#40317615)

He represents all that is soulless and wrong! And you slept with him!

Re:Best Pratices (4, Insightful)

epyT-R (613989) | more than 2 years ago | (#40317389)

This is the kind of treatment that makes workers angry enough to do the things your 'big company' doesn't want happening in the first place.

This Survey was Stolen (1, Funny)

lemur3 (997863) | more than 2 years ago | (#40316891)

sad news is that we can only see this survey because some schmuck got fired.

...and what would you do with it? (5, Insightful)

Penguinisto (415985) | more than 2 years ago | (#40316911)

I recall distinctly during my time with a certain F50 company that they would not only refuse to buy any of the secrets, but that they would be the first to call the FBI on you for trying. The last thing they wanted or needed was to have those secrets unearthed years later, potentially costing them billions of dollars.

Now the gray/black market? Maybe... but that's as much of a jail risk as carrying around an open box full of kiddy porn in front of a police station.

If anything, the things I can see IT employees walking out with are software licenses, images (even hardware!) and crap like that - things they would find useful to themselves later on.

Re:...and what would you do with it? (2)

Billly Gates (198444) | more than 2 years ago | (#40317103)

Hospitals or financial institutions can be a little different. You can hold the hospital hostage with HIPA as if they did call the FBI they would have to pay millions in fines after I release the data.

With a financial institutions the Russian Mobfia will pay quite handsomly and do the dirty criminal work for you for bank account numbers, passwords, and credit card number.s

Re:...and what would you do with it? (2)

mysidia (191772) | more than 2 years ago | (#40317735)

If anything, the things I can see IT employees walking out with are software licenses

I assume you mean copies of serial numbers / license keys. The actual license/right to use software still belongs to the company in that case; the employee that makes unauthorized use of a serial number to reuse software for production purposes elsewhere would just be pirating software, plain and simple, they don't actually get a license just because they misappropriated a copy of the key; they might have done that at any time for "educational purposes", but they lose their rights to the sw at the time of termination.

The software vendor might have even encouraged that at times by issuing companies demo keys to be used for test labs and staff training purposes.

A sysadmin may have actually needed such a copy of the software licensed to learn the product, before deploying software in the organization.

IT staff definitely need access to software license keys to maintain, install, update software, so while they are at risk of being used improperly, there's really no fix to that.

If there were a fix, it would be the very sort of IT staff you are trying to regulate/monitor who would have to be very diligent in the implementation of any key protection scheme.

Encryption (0)

Anonymous Coward | more than 2 years ago | (#40316913)

That's why you should use appropriate encryption policies for you business data!

how stupid are people? (5, Interesting)

SoupGuru (723634) | more than 2 years ago | (#40316921)

I honestly don't understand. IT people need to be trusted with very important data. Each time one of these surveys come out they demonstrate that they can't be trusted with data.

As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

Re:how stupid are people? (0)

Anonymous Coward | more than 2 years ago | (#40317031)

What the hell is wrong with the rest of you?

Their upbringing.

Re:how stupid are people? (1)

epyT-R (613989) | more than 2 years ago | (#40317567)

don't forget the upbringing of the insecure blowhards who fired him without real justification in the first place.

Re:how stupid are people? (0)

Anonymous Coward | more than 2 years ago | (#40317765)

um, right... People are never fired for legitimate reasons.

Re:how stupid are people? (2)

cheater512 (783349) | more than 2 years ago | (#40317039)

I'm not sure if this includes knowledge.

If I got fired today there is an awful lot of knowledge which is in my brain which could be damaging to the company depending who got it.

Re:how stupid are people? (1)

Anonymous Coward | more than 2 years ago | (#40317365)

Your company doesn't deneuralize you when you leave? Mine certainly does.

~Agent P

Re:how stupid are people? (4, Interesting)

Jah-Wren Ryel (80510) | more than 2 years ago | (#40317071)

As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

The summary, at least, says it is not "IT guys" it is IT management that has ethical problems here. Not too surprising given that full-blown psycopathy is 4x more common in senior managers than in the general population. [cnn.com] Since psycopathy is really a continuum with only the really extreme types qualifying for the label, you don't have to be a full-fledged pyscopath to rationalze walking out with stolen data either.

Re:how stupid are people? (1)

houstonbofh (602064) | more than 2 years ago | (#40317481)

I wondered what the parent post was talking about as well. Those weren't IT guys surveyed, but business majors... You can lie and still get a job in management. You can't in IT.

Re:how stupid are people? (2)

Billly Gates (198444) | more than 2 years ago | (#40317083)

Boy, wouldn't it be great if that problem went. Like if there is some managed solution provider out there who can do data backups, saves money, never have to see them etc.

It smells like a cloud advertisement. Why have data hosted locally if you they are going to steal it anyways ... etc.

Love it! (2)

khasim (1285) | more than 2 years ago | (#40317487)

Why have data hosted locally if you they are going to steal it anyways ... etc.

That is awesome!

Instead of losing a copy of your data when you fire an employee, you lose complete access to your data when you "fire" the cloud provider.

Or when they fire you by jacking up the rates so much that your company profits go to their company.

I love it!

Re:how stupid are people? (1)

cbiltcliffe (186293) | more than 2 years ago | (#40317499)

how was the cloud help? it's not like the same people wouldn't have access either way...

Re:how stupid are people? (0)

Anonymous Coward | more than 2 years ago | (#40317091)

Being treated like crap.

Re:how stupid are people? (2)

Johann Lau (1040920) | more than 2 years ago | (#40317485)

Stealing passwords? Really? Sounds like an excuse someone would come up with to justify what they would do anyway.

Especially when those who you're stealing from are insured against it, and the actual damage is done to people who have done zero to you. I'm not against revenge, but there's revenge and there's being silly. And as always, the best revenge is not having time for it because you're too busy enjoying the new opportunities that opened up for you. It sure is horrible to be mistreated and powerless; but at the same time, being able to "make them feel sorry", and not doing it, is great. So strive for that always, it sure beats being petty.

Re:how stupid are people? (0)

Anonymous Coward | more than 2 years ago | (#40317755)

If the people affected work for the company that fired you and are negatively affected by your revenge then the company itself suffers some loss due to those individual workers' lack of productivity. While it may not be morally justifiable, if it's revenge for the sake of revenge, then it is a rational action for the reason I stated.

Re:how stupid are people? (4, Insightful)

Gaygirlie (1657131) | more than 2 years ago | (#40317111)

As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

I agree with you here. I would never even dream of copying sensitive data, installing backdoor access or stealing actual physical hardware, that's hideously selfish and if I knew of someone having done that I'd be the first to report that person to authorities, even if it was one of my own family members. But alas, as disgusting as I find such behaviour I also am not surprised in the least; majority of people are willing to screw over anyone and anything -- even their own morals and ethics! -- in order to gain something and even more so if the gain could be monetary. Mankind in general is not to be trusted.

Re:how stupid are people? (1)

Anonymous Coward | more than 2 years ago | (#40317173)

Back when I did sysadmin work (now in dev) ... Whenever someone would leave, even on excellent terms, we would audit all the admin accounts and reset every password.

Every fucking time ... these ex-employee sysadmin fucks would attempt to remotely access the systems after they had left. Every fucking time! And they knew about the policies because they'd worked late numerous times changing passwords. The fat retards just couldn't help themselves.

There's a lot of shitty aspects of IT, and one of the biggest is the low quality shitwits who end up in IT. Happy to leave all that behind.

 

Re:how stupid are people? (4, Informative)

houstonbofh (602064) | more than 2 years ago | (#40317509)

It could never have been cached passwords in the tools at home that tried to connect when they first open the app... Nope. That never happens. When I left, I had to start my soft phone app to delete the account in it. It don't know if it still worked or not...

Re:how stupid are people? (1)

epyT-R (613989) | more than 2 years ago | (#40317663)

then don't hire them.. do the work yourself. obviously you did something to them that pissed them off..it's not a one way street. if you want people to respect you and your property, you have to respect them and theirs.

Re:how stupid are people? (1)

Anonymous Coward | more than 2 years ago | (#40317329)

Love the treason, hate the traitor

Thats what it boils down to. Management would rather keep terrible working conditions (but CHEAP!) and put the blame on the "disgruntled" employee (never mind the fact that the company apparently loved the guy so much as to give them the keys to the digital kingdom)

Re:how stupid are people? (4, Informative)

LordLucless (582312) | more than 2 years ago | (#40317369)

What the hell is wrong with the rest of you?

Nothing. We wouldn't either. But our execs and senior management apparently would. Read the summary.

Re:how stupid are people? (1)

russotto (537200) | more than 2 years ago | (#40317435)

As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

They, unlike you, think their accounts can't be tied to their real identities.

Re:how stupid are people? (1)

cbiltcliffe (186293) | more than 2 years ago | (#40317519)

The word you're looking for is not "stupid." the word you want is "assholish."

Re:how stupid are people? (1, Insightful)

epyT-R (613989) | more than 2 years ago | (#40317579)

since most businesses are run by insecure twats, it is likely the sysadmin will have the nuclear option used against him for trivial disagreements. The sysadmin, in a state of rage over unfair treatment, hits his red button figuring he's got little to lose at this point. His employer just destroyed his career and his credibility after all. As far as I'm concerned, the party with the most power, the employer, deserves what it gets. If it treats its employees well, statistically, it doesn't have much to worry about. If it treats them like criminals out of insecurity, then it deserves what it gets.

The article title is wrong. (5, Insightful)

sconeu (64226) | more than 2 years ago | (#40317757)

That's why you don't understand.

The title should read: " MANAGEMENT Admits They'd Walk Out With Stolen Data If Fired"

TFS says they surveyed managers and executives, not rank and file.

Re:how stupid are people? (0)

Anonymous Coward | more than 2 years ago | (#40317763)

The article explicitly states "survey of IT managers and executives, nearly half of respondents admitted that if they were fired tomorrow they would walk out with proprietary data." These are managers and executives in IT not your typical system administrator or help desk technician. I always knew management could never be trusted. Now we have the proof in their own words or survey responses in this case.

Solution: (1)

ToiletBomber (2269914) | more than 2 years ago | (#40316941)

Solution? Lock them out of their computers the instant the word to fire them is given by the boss.

Re:Solution: (1)

Anonymous Coward | more than 2 years ago | (#40317021)

Yeah, my company has policies like that. It makes for a hostile work environment. Very little trust.

Re:Solution: (1)

Billly Gates (198444) | more than 2 years ago | (#40317199)

Solution: Fire them when they looking for work elsewhere immediately.

Mentioned it in my other post but that is the solution HR does. What there is Jane's resume on Monster? Have security escourt her out.

That is an even worse solution if you ask me.Not even a 2 week notice. Your done that very second

Re:Solution: (1)

Soporific (595477) | more than 2 years ago | (#40317275)

I know plenty of people that have active resume's on Monster, etc. That isn't really cause to fire though. The company is always looking for better people and people are always looking for better companies. That said, a paycheck for 2 weeks that they didn't give you notice or vice versa should be somewhat fair.

~S

Re:Solution: (4, Insightful)

epyT-R (613989) | more than 2 years ago | (#40317697)

This is the mentality that causes people to stick it to the holy churches of corporate psychopathy in the first place. subject employees to hostile working environments like slaves, and they'll act like slaves when they rebel.

Re:Solution: (1)

houstonbofh (602064) | more than 2 years ago | (#40317525)

Then reopen the accounts when you find out they need to give some knowledge transfer on the way out... Ooops...

Missing keyboard (0)

Anonymous Coward | more than 2 years ago | (#40316969)

At a former employer, you would come back from lunch to find your keyboard missing.

Re:Missing keyboard (1)

dotgain (630123) | more than 2 years ago | (#40317419)

That's what we do at my place too. Even with laptops.

What, you don't have backups at home? (3, Funny)

rrohbeck (944847) | more than 2 years ago | (#40316987)

I thought that's data protection 101.

Re:What, you don't have backups at home? (5, Interesting)

Anonymous Coward | more than 2 years ago | (#40317659)

Once upon a time I had two personal laptops I brought to work. One I had been using for a year, the other I had just purchased and had just reached the point where I was leaving the old one at home. Then one day they herded about 50 of us into a conference room. My manager tried to get me to leave my laptop at my desk, but I always took it with me to meetings, so I kept it with me. The CEO announced that our services were no longer required and that most of us would be walked directly to the exit.

My boss steered me to her boss's office and some "security" guy who had been hired a week earlier proceeded to tell me I couldn't leave until I gave him my laptop and the password to get in. I pointed out that it was my laptop and pulled my receipt out of the bag. He said it didn't matter whose laptop it was, I had to give it to him because it might contain company data. I refused, informing him that it contains confidential personal data that the company has no right to. He then threatened to call the police if I didn't turn it over. I pulled out my cell phone and offered to call them myself. The guy actually took the phone out of my hand and shut it off.

At this point I told him, "when I get outside, I'm driving to the police and reporting that you just assaulted me and stole my phone. If you take my laptop by force, now you're looking at assault and grand theft. I don't know how much they're paying you, and I suspect you don't either because you haven't gotten your first paycheck yet, but you really need to think about whether this is worth it." He got uncomfortable and slid my phone back across the table to me, reiterating that he couldn't let me leave with the laptop.

"I know you've only been here for a week, but I just started using this laptop a week ago. Ask my boss. What are you going to do about the laptop I've been using for the last year that's sitting at home right now? Are you going to break into my house tonight?" He looked at my boss, who nodded, and told me I could go.

The point is this: unless you've been enforcing strict security policies all along, trying to get stuff from the employee is like closing the barn door after the horse has bolted. And if you screw with them enough, you're just going to make things worse. To spite them for this, I took some non-confidential company documents I had, uploaded them to a file sharing site and emailed them a link to it: "Here are the files you wanted so badly. I wouldn't have bothered if you had treated me like a human being. Just something to think about the next time you fire someone." I'm sure they just about had a heart attack until they realized I hadn't uploaded anything sensitive.

Retail Scenario (1)

Robadob (1800074) | more than 2 years ago | (#40317055)

Similarly to all the above ban account, remove keyboard stories. From working weekends at a highstreet clothes store when employees were leaving it is company policy that the employees weren't allowed to use tills for their last day/week. Although given the recent recession and constant staff shortages this is now usually seen as impractical and ignored by the managers supposed to implement it (They also never seemed to actually remove the till accounts of ex-employees within due time).

Re:Retail Scenario (1)

Capt. Skinny (969540) | more than 2 years ago | (#40317769)

OK. I get "highstreet" and "till," but what are "keyboard stories" called in American?

Simple Solution (5, Insightful)

sir-gold (949031) | more than 2 years ago | (#40317057)

The solution to "insider theft" is simple:
Don't hire from the bottom of the barrel just to save a buck, and you won't have to fire people.
Treat your employees like valuable assets and not just cogs, and your people won't quit.

But that assumes you don't have penny pinching nut (2)

NotSoHeavyD3 (1400425) | more than 2 years ago | (#40317283)

jobs in accounting making decisions. You know, oh Jeff makes X money but we can hire jackie for X-Y dollars and then fire Jeff. We don't care that Jeff knows the business inside out and Jackie doesn't. We don't care it'll be a year before Jackie comes up to speed and all the evidence says he won't be as good. We'll save a couple bucks now which is good enough. (Even if it screws us in the end.)

Re:Simple Solution (4, Insightful)

LordLucless (582312) | more than 2 years ago | (#40317349)

This article, despite the headline, isn't about "IT Employees". It's about IT executives and senior management. These are the employees that are treated like valuable assets. It's the low-paid one which are honest - which is probably why they're still low-paid.

Re:Simple Solution (0)

Anonymous Coward | more than 2 years ago | (#40317729)

And to be honest, most companies consider their client list to be their most valued asset whereas the source code and design docs may not even register with the executive staff.

Personally (and don't tell anyone) I do keep some small copies of source code I've worked on. Most is useless without the hardware anyway but it's nice to avoid reinventing the wheel over and over. I've even had one case where I asked someone who was not laid off to scrub out company info and filenames from the Makefiles I wrote so that I could reuse them at home. It's work-for-hire so I should not do this. However it's a bit wierd to tell your new boss that you are an expert in a certain area and have implemented a certain driver several times but that if I need to implement it again I will take me just as long as it originally did since I have to do the research all over again.

I even have some old design docs that I had at home in a suitcase plus some third party partner documents stamped prominently with "Proprietary Information" on every page. No one ever asked me to go dig through the mess at home to find stuff that might be work related and bring it in before I left or was laid off. There is usually only the checksheet to be sure I turn in my keycard, RSA token, and obsolete phone.

Today though I've got an external backup drive. If laid off will they give me time to erase it before kicking me out the door?

also don't use personality tests for hireing (2)

Joe_Dragon (2206452) | more than 2 years ago | (#40317367)

This is because these companies seem to be getting the opposit results from these tests that are intended. They are weeding out the good, honest, and hard working employees. The only people that can pass these things are liars, cheaters, and BSers. Is that the type of employee they really wan't.

More outrageous termination reasions (1)

Billly Gates (198444) | more than 2 years ago | (#40317069)

Great now we can have more terminations on site for anyone looking for another job or having someone call your boss for a reference. The excuse is a bad worker has access to data. Scared employees who can't leave also will work for less too and be willing to put up with more.

I thought only a few companies did this but it is catching on as IT workers are cost centers who bring little value to the bottom line anyway if you ask HR who makes such abusive policies.

Re:More outrageous termination reasions (1)

stanlyb (1839382) | more than 2 years ago | (#40317101)

The funny thing is that if you are pro in your work, you would know your price, your skills, and you would NOT allow yourself to be scared, because it is simple, scared employee cannot work at his best. So, just to tell it with other words, if someone tries to work harder for less... the he is simply a noob, trying to look pro, and to satisfy his boss' ass$%$%$%$

Re:More outrageous termination reasions (2)

Billly Gates (198444) | more than 2 years ago | (#40317121)

Try telling that to the MBA's. They are obsessed over metrics and the things you talk about are hidden costs that do not show up in a nice spreadsheet. Simply wait there is Bob's resume go terminate him still screw Bob over even if he is an IT pro. His reputation is ruined and a new employer will wonder why is not currently employed? Hmm

These same companies also have policies that they can't hire unemployed people too.

Re:More outrageous termination reasions (1)

stanlyb (1839382) | more than 2 years ago | (#40317153)

I would agree with you if the IT job market was small, but the truth is that USA has 300 million people there, and in every major city there is a ton of companies desperate for decent developers, even if his resume is not perfect, of course it is true only if the before mentioned developer is willing to relocate.....

Re:More outrageous termination reasions (1)

Billly Gates (198444) | more than 2 years ago | (#40317167)

I do IT support and there are more of us than jobs. Maybe I should have studied computer science instead.

Re:More outrageous termination reasions (1)

sjames (1099) | more than 2 years ago | (#40317605)

If I wanted to be a migrant worker, I'd have gone into harvesting.M

Re:More outrageous termination reasions (1)

stanlyb (1839382) | more than 2 years ago | (#40317687)

If you did not want to be a migrant worker, try something else, that does not change every 5 years or even for less. Like.....policeman? fireman? nurse?

Re:More outrageous termination reasions (2)

RabidReindeer (2625839) | more than 2 years ago | (#40317363)

scared employee cannot work at his best.

So? Did you really think that working "best" is really what matters? In the bean-counter universe, quantity rates over quality - frighten someone into working 10-hour days plus weekends and it's more "productive" than whether or not the time is employed in a worthwhile manner. To a bean counter, anything that doesn't look like a bean doesn't exist.

And the #1 way to scare employees is to point out that, pro or no pro, there are plenty of people in a Third-World country who will be happy to do the work for a fraction of what you can afford to do it for. Having a horde of unemployed people closer to home looking for jobs doesn't help either.

What counts isn't "your price", it's "your worth". And you don't define worth, the employer does. The trend for the last 20-30 years has been to devaluate the worth of line-level employees while simultaeously inflating the worth of the top-tier executives.

Re:More outrageous termination reasions (1)

stanlyb (1839382) | more than 2 years ago | (#40317709)

In short term yes, i do agree with you. In long term, no, what really matters is your skill-set. Of course it is true only if you are not afraid to take risk, and gods forbid, change employer!!!! More than 2 times!!! Nooooo.
Anyway, if you happen to work for one company for what, 10 years and more, then i am really sorry for you, but you are simply un-employe-able. In which case you better every dirty tricks to keep your job and your position, otherwise....

What about being a decent employers!!! (1, Redundant)

stanlyb (1839382) | more than 2 years ago | (#40317073)

What happened with just being decent and have some moral??? So, employer, you are firing someone, you strip him of his bonuses, you give the minimum notice, you give him no recommendation letter, no references, actually nothing at all, and you expect your poor, f$%$%$%$ ex-employee to show some decency??? What the frack, eye for eye, tooth for tooth, as simple as that.

Re:What about being a decent employers!!! (3, Insightful)

Lisias (447563) | more than 2 years ago | (#40317235)

No matter how hate the concept, the parent post is right.

Once the honest employee gets screwed no matter what, there's absolutely no incentive to the other employees to be honest!

You get what you promotes!

And how much data ACTUALLY walks out? (5, Informative)

el_tedward (1612093) | more than 2 years ago | (#40317107)

Everyone preaches about the insider threat, even though less than 4% of all incidents come from insiders.. If you count by the number of breached records, insiders make up less than 1% of all breached records (though, arguably, they may be breaching records that are more valuable)

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf [verizonbusiness.com]

Sounds like bullshit.. (1)

Anonymous Coward | more than 2 years ago | (#40317141)

And FUD.
Really who wants to be liable for anything AFTER a termination.

Not Even Fired (2)

TranquilVoid (2444228) | more than 2 years ago | (#40317197)

At my last job it was common practice to take a copy of the source code even if you were just leaving for greener pastures.

I considered it myself - not for the trade secrets or to sell, but because it functioned as a programming reference guide ("How do I do that again? That's right, I did it before in library X"). In the end I took the high road and consoled myself that anything I had figured out before I could figure out again.

Re:Not Even Fired (1)

Billly Gates (198444) | more than 2 years ago | (#40317223)

That is highly unethical and is considered theft. YOu did the right thing. Even if you never use the source code you do not want to be caught doing just this and explaining yourself to the policy and having it recorded on a credit report.

When I fire someone... (5, Funny)

Anonymous Coward | more than 2 years ago | (#40317213)

When I fire someone, there is a significant amount of planning that goes into it, and the whole process takes about 4 weeks.

When I decide it's time for someone to go, I have HR stage a company-wide reaffirmation of adherence to company policy. Employees are reminded that they are not allowed to bring any company data home on thumb drives (which technically they aren't allowed to bring in from home or leave the office with anyway), personal laptops, phones, and so on. During this initiative, they are asked to bring in any thumb drives they have with company data, and make sure they erase company date from their personal devices. I instruct the IT department to assist any employee who asks for help with locating and purging company data.

We are certain to remind them that this is to protect the company from security issues and corporate theft, reduce legal costs, and so on.

After about a week of that, we install a keystroke logger and screenshot collector on the employees PC, and collect all of their passwords to local resources, databases, servers, and so on. We monitor their computer activity 24/7 to make sure it will be a clean break. This is also useful for creating justification for violations of IT policy, since most employees violate it by using their company-owned computer for personal endeavors (email, non work-related web browsing, etc), which is against IT policy and subject to disciplinary action up to and including termination.

After a week or two of monitoring, I get the ball rolling with HR and IT. I submit the necessary termination documentation to HR, and IT generates a script that instantly locks them out and changes all of their passwords so that they cannot access any company resources.

We usually try to execute a firing when the terminated employee is in a meeting or other place where s/he will not have immediate physical access to items at their desk or lab. I usually just pop my head in the door and say "Hey XYZ, I need your help for a second." We walk back to my office, where HR is waiting with the termination paperwork, while IT removes their laptop from their desk and locks all of their drawers and cabinets.

To communicate the firing, I actually read from a script, because the lawyers are very particular about the language and what is said. Security escorts the employee to their work area and supervises and thoroughly documents any personal effects they take with them. They are not allowed to take any memory devices with them, including those in picture frames, without first having them checked by IT for company information. Picture frames are also disassembled and other items searched as thoroughly as possible.

Terminated employees are also searched/wanded on their way out to ensure they are not hiding things like USB keys or hard drives on their person.

It's an arduous process, but it's my job to protect the company from thieves.

Re:When I fire someone... (0)

Anonymous Coward | more than 2 years ago | (#40317391)

You need to keylog their computers to change their passwords? Thanks for the laugh.

Re:When I fire someone... (4, Insightful)

erp_consultant (2614861) | more than 2 years ago | (#40317401)

Jesus...why don't you just tar and feather the guy for good measure? I came close to working in a place like that one time but thankfully it didn't last long. Keyboard loggers? Screenshot collectors? Big brother anyone? I don't see how anyone can be productive under those kinds of conditions. What do you do for an encore? Slash the guys tires before he leaves the parking lot?

Re:When I fire someone... (4, Insightful)

cusco (717999) | more than 2 years ago | (#40317443)

You, sir, are a frelling scumbag. Sorry, there's no way to sugar-coat it, you get far too much enjoyment from fucking over someone's life to be considered a decent human being. Fortunately people like you are so aggressive during the initial interview process that I don't have to worry about being stuck working with you.

It's management attitudes like this that breeds disgruntled employees that will steal company data. Treat people decently and 1) you will very rarely have to fire employees, and 2) when employees leave they aren't going to be inclined to take the customer database with them.

Re:When I fire someone... (3, Insightful)

cusco (717999) | more than 2 years ago | (#40317617)

By the way, scumbag, your admins are snooping the keylogger for the employee's password, and stealing data logged in as them. Or is that you doing that?

Re:When I fire someone... (0)

Anonymous Coward | more than 2 years ago | (#40317445)

Nice troll I nearly bought it until I seen the search on the way out deal.

Re:When I fire someone... (0)

Anonymous Coward | more than 2 years ago | (#40317545)

Let me guess... you work at Paranoid Assholes, Inc. and you named the company yourself?

Loyalty is a two way street (0)

Anonymous Coward | more than 2 years ago | (#40317297)

Employees learned that kind of behavior from their managers who learned it from the executives.

What if...? (0)

Anonymous Coward | more than 2 years ago | (#40317303)

What if you were doing work from home and had a couple DVD filled with confidential docs along with a couple other company purchased pieces of software. One day you walk in and find out your job was eliminated, turn in your laptop and Company Credit Card and there is the door.

Would you both giving the DVD's back, trash them, hold onto to them for unknown reasons or publish them for the world? I still have them after a couple years, not even sure why but it feels good to know they'd be very pissed if they knew there were still in my possession.

Re:What if...? (2)

cusco (717999) | more than 2 years ago | (#40317479)

I actually had company backup tapes in my possession when I was let go once. Took them back a few days later, and they were so pleased that they told me to keep the 56k modem that I had used for remote access.

Re:What if...? (1)

Gaygirlie (1657131) | more than 2 years ago | (#40317523)

Would you both giving the DVD's back, trash them, hold onto to them for unknown reasons or publish them for the world?

Not being a dishonest, selfish little prick I'd just trash them.

Rule of Thumb for Employee Theft (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40317315)

As someone who has been laid off from a job (and forced to wipe the hard drive of my personal laptop before I could leave the building), and who has had to hire and fire dozens of employees over the last 10 years, I can offer a bit of insight:

10% of your employees would never steal from you. Ever. It wouldn't occur to them to do it.

10% of your employees are determined to steal from you. It's why they applied for the job!

The other 80% are swayed by circumstance and opportunity. If you treat them like crap (when they're employed or when you fire them) or make it clear that you're lax on security (often as simple as not paying attention), they're going to steal from you. Treat them well (as employees and as ex-employees... don't just toss them overboard... give them a severance package... give them a nice letter of recommendation... make some genuine effort to ease this life-altering transition and show them that you care about what happens to them after they leave) and maintain good security practices and you will drastically cut down on the number of people who steal from you.

Re:Rule of Thumb for Employee Theft (0)

Anonymous Coward | more than 2 years ago | (#40317493)

Forced to wipe the drive of your own laptop? You must have been working for a judge then.

Re:Rule of Thumb for Employee Theft (0)

Anonymous Coward | more than 2 years ago | (#40317731)

Nope. The company did work for banks, though.

Define "proprietary data", please... (0)

Anonymous Coward | more than 2 years ago | (#40317361)

I RTFA, and the examples it gave were the same as in the summary above. The thing is, were those the ONLY things measured on the actual survey, or were things like source code and shell scripts written by the layoff-ee ALSO included?

I'm sure some will violently disagree, but I can understand somebody wanting to take copies of their own work product to use as future reference material. This does NOT justify the replication of entire programs / trade-secret algorithms at a competing company, obviously -- more along the lines of reusing/adapting individual functions, automation scripts, etc) in code written for unrelated industries.

This is a problem (1)

Karmashock (2415832) | more than 2 years ago | (#40317383)

best practice is to kill access before telling them they're canned. But I've seen a lot of businesses that just fire someone without bothering to tell IT to revoke permissions. Sometimes they'll have access for months after being fired.

that said, I don't see why people would go through the system for data. First off most of the data is boring and useless. It's reports and records. The only thing besides possibly source code would be credit card numbers. I have access to that database and could extract literally hundreds of thousands of credit card numbers along with all relevant charge data. Should I have access to that? Someone has to... and that's me.

But I'd never steal like that. I'm the sort of guy you could leave in a room with a billion in cash and come back later to find the same billion in cash untouched. Stupid? Maybe... but I just don't do that.

What I MIGHT do if I were really pissed is sabotage something. These systems are really complicated and it's really easy to screw something up in the core of the spaghetti code so deep that it will take them weeks to sort it out. I wouldn't profit from that and it would leave no trace to me. But as far as revenge goes it's not bad. You say "oh they could back up"... yeah... but what portion of the system needs to be backed up? It's hard to track that down sometimes unless you really understand it.

When you're dealing with big old proprietary databases... they're almost more organic then they are an engineering problem. You have to treat them like a doctor. Touch as little as possible and if you have problems try to help it self heal because if you actually to rewrite that monster it will take years.

Re:This is a problem (1)

cusco (717999) | more than 2 years ago | (#40317569)

I work in the physical security field (key cards, cameras, alarms, that sort of thing.) We had a customer whose former employee showed up at the door to take his friend to lunch. When the guard said, "I'll let them know you're here" the fellow replied that wasn't necessary since his key card still worked (a year after leaving) and he knew where his friend's desk was. Caused a system-wide audit that found dozens of cards still active for employees that hadn't worked there for up to three years. That guy was the only one who had actually used his card after leaving, so they were lucky.

Re:This is a problem (1)

Kittenman (971447) | more than 2 years ago | (#40317759)

best practice is to kill access before telling them they're canned. But I've seen a lot of businesses that just fire someone without bothering to tell IT to revoke permissions. Sometimes they'll have access for months after being fired.

I was at a place once that called some people in for THE meeting, and while the employee was being handed their cards, someone else deleted their email addresses, etc, from the Company address book. One of us noticed this, and spotted the "He's out... he's in ... she's out ..." happening. Nasty.

It's all in the wording of the question (2)

MobyDisk (75490) | more than 2 years ago | (#40317399)

Be very careful when reading these surveys. The wording can be critical, and can mean something different than what the headline is implying. For example:

If you were told that you were going to be fired tomorrow, what, if anything would you take with you?

The answer would have to include things that you already have in your possession. So no malicious intent is required here! For example, 5% responded "R&D plans." That doesn't mean that they would steal R&D plans in response to being fired. It could be that they already had those plans on a flash drive on their key ring, perhaps because they gave a presentation on the topic recently. 8% responded "Privileged password list" which could mean that they keep an encrypted copy of vital passwords in case they need to remote into the servers from home. They might take the "Customer database" because they keep a copy on their laptop in case they are on call and need to contact a customer.

What hurts more than being fired?? (1)

bdemchak (1099961) | more than 2 years ago | (#40317405)

... easy ... the prosecution (civil and criminal) that occurs once they find you with their data. Promise: it will transcend the warm feeling of completely wrecking your former employer.

I think a lot of people would have issues (4, Insightful)

johnny cashed (590023) | more than 2 years ago | (#40317447)

The problem I have with this is the hypothetical "if you were fired tomorrow" angle on the survey. Why would I be fired tomorrow? For cause? Due to downsizing? A lot of people would feel threatened if they were suddenly fired, especially if they can see their termination as unjustified. This doesn't justify their potential actions, but it really leaves out a lot. How many people, if they were fired tomorrow, would come back with a gun and start shooting people? Probably a lot less. Was that question on the survey?

You might get life in prison (0)

Anonymous Coward | more than 2 years ago | (#40317503)

Here's what happened to one person who took "backups" home.

http://www.johnwdowns.com/

His defense was completely inane. He got exactly what he deserved.

goals at odds (2)

v1 (525388) | more than 2 years ago | (#40317513)

You have two competing goals, company security BY the employees, vs company security FROM the employees.

IT are like the cops in town. In order for them to do their job you have to trust them with powers that can be abused. There is no perfect solution to this problem. The best thing you can do if you are a reasonable sized organization is to simply have the power spread out horizontally well, so the watchers can watch each other.

In small businesses, you may have a small IT staff tree that's composed of people that do jobs that have very little overlap, and that makes their position more abusable.

I've seen it work both ways on the way out. I've seen people get 6 weeks of advance notice, and I've personally been handed papers when I arrived in the parking lot. Paranoia varies, just as trust varies. If you're in an "at-will state" you can get the rug pulled out at any time, and many companies do this as a matter of policy. I consider it very double-standardish, that last place my manager told me he expected me to give two weeks notice if I was leaving, but when I asked how much notice he'd give me, well, that's different! IMHO, employers that think that's playing fair deserve zero day notice, and should consider that the tradeoff for having a zero-day notice for their employees.

Considering the present economy, the value of job security has gone up, and I would certainly find a job less attractive if I knew my employer had a "meet you at the door on Monday with a box of your stuff" policy. But what if I were going to be evil? Then I'd say you need to train your HR people to hire people with better character, good references, and thorough background and job-history checks. You need to be able to trust your IT staff, because of the nature of their position, just like the city needs to be able to trust the cops it hires. If you don't hire people you don't trust, you don't have to zero-day bomb them when layoffs are required. Promote from within instead of hiring off the street into positions of trust and power. If a new hire isn't trustworthy, thank him for his time and give him his two weeks and find someone else. Don't burn people that are in a position of power.

You think it's unfair when a semi-key staff walks on you? Try being that staff when he gets to go home and sit on the couch all day waiting for the wife to get off work, trying to figure out how to tell her he's unemployed as of now. It hits the employee a lot harder than it should hit the company. And in any reasonable sized company, no single person walking should be able to do great damage, nothing like your home income dropping 50 (or 100) percent overnight.

I also read from time to time about karma coming back and biting employers that zero-day a key IT. And I'm not talking about the cases where Joe Fired remotes in and makes a mess etc. I mean the "this broke again, oh crap, Joe usually fixes this, what do we do now?" sort of cases. Responsible employees try to prevent this sort of dependency but companies often don't give enough time or resources to accomplish it. (time to document, hours to crosstrain, etc) So you can't just blindly go blaming the employee. And so now you're left with missing key experience, and a burned bridge. I watched that happen twice at one company. They zero-day'd a key person, only to find that he was the best go-to man for certain things, and a company mass-mail went out to NOT call that person for help. (because they had made it clear they were going to charge for every support call they received a result of his departure) So that leaves us all fumbling around for hours at a tim trying to figure things out that a 10 second phonecall could have solved. Wonderful waste of resources, makes us look like bumbling idiots in front of the client, etc. "Why are you here? Where's Joe, he's always the one you send to work on our server? Really? Are you going to be able to fix this? (after a few hrs...) Can't we just call Joe? NO." Find out a week later that they just dropped us and have hired Joe as a consultant. Brilliant. (I got off that ship under better terms, shortly before it sank)

Don't let this happen to you as an employer. Hire trustworthy people with good references. Promote from within. Don't zero-bomb staff unless you have legitimate concerns.

Huh (0)

Anonymous Coward | more than 2 years ago | (#40317531)

In my case, it would be useless, as our "vital assets" are about as useless as they are outdated, bizarre, convoluted, decades old, silly, stupid, retarded, etc.

Shall I go on?

Or, (2, Interesting)

Ralph Spoilsport (673134) | more than 2 years ago | (#40317533)

Companies might build TRUST with their employees that they won't get fired at the drop of a hat, and Companies might develop an ecosystem of resilience with their workers, such that everyone feels responsible for the company and vice versa. How? Socialism. Democritise the work place. VOTE for your boss. You wouldn't accept totalitarian political solutions, why do you accept totalitarian economic solutions? If everyone felt like what they did mattered, and felt like their employment was a vital part of their existence (as opposed to something they do to make money) then people wouldn't dream of walking off with data when they get fired, because getting fired would be rare, and a mark of massive failure. CHANGE YOUR WORLD. For the better. it's not that hard. You just have to get off your ass and demand it.

"If they were fired tomorrow" (1)

ANonyMouser (2641869) | more than 2 years ago | (#40317761)

I was going to say something like Ralph above me but without the socialism. Basically if you treat your employees like they matter and have some degree of human value (that is, personnel, NOT HR, massive Freudian slip there), then people behave like they have a stake in what they do.

so is this (1)

bitt3n (941736) | more than 2 years ago | (#40317539)

a reason to fire them or a reason not to?

Biased Survey? (4, Insightful)

ark1 (873448) | more than 2 years ago | (#40317771)

An ID management provider does a survey designed to promote identity management. Why should I trust them?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>