With the story of the laid-off Fannie Mae employee trying to destroy company servers still fresh in our minds, I thought it might be time to take another look at possible preventative measures — hopefully so others can avoid a similar situation.
To catch readers up, in the time between when he was informed of being laid off and when he left the building, a Fannie Mae employee was able to plant a logic bomb that could have wiped out the data on their servers.
It’s widely believed that the economy isn’t getting better any time soon. Unfortunately, there will be more layoffs, more reorganizations, more disgruntled employees dismissed. There will also be more situations where IT staff are given limited lead time regarding layoffs, making it difficult to ensure employees are removed from all the systems they might have been accessing while employed and creating big potential for security risks.
This can be one of the biggest problems facing organizations — however, it can be avoided with the proper systems and processes in place.
To begin, IT staff need to ask themselves: “Can we immediately revoke access of former employees, and alter access for employees whose job functions have changed?” “Are we fully aware of all applications and data that dismissed users would have access to, whether on our systems or via web apps?” “Do we know the potential damage if revocation is not immediate or all-inclusive?” If the answer is no to any of the above, and there’s real damage possible, either to assets or your company’s reputation, then you're at risk.
But what would have helped Fannie Mae? Or a company in a similar situation?
To prevent security breaches of this sort, you need to know what employees and consultants are accessing and how. You need more than just a username and password to do that successfully: you need to be able to track all authentication activity to prove employee identities and deter bad behavior, and to shut their access down in a hurry should they be terminated.
While having the means to revoke user privilege is important, visibility into the accounts that employees are currently using is just as critical to protecting the organization. This would let the IT team see what accounts and hosted applications are being used and by whom, allowing them to prevent a terminated employee from leaking out critical data or leaving a security risk behind on their way out. This is where auditing and password management functions are important: auditing helps figure out what accounts are being used and by whom even before you have to close down access, and the password management system is used to shut down access in one quick motion.
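One way to run the kind of audit described above, as an added example that is not part of the original post: it reconciles HR notice times against an account inventory and an authentication log to list accounts revoked late or not at all, logins made after notice, and accounts that appear in the log but not in the inventory. All data, names and the 15-minute lag threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

T = datetime.fromisoformat
# Constructed sample data (not from the article). All names are hypothetical.
NOW = T("2024-03-05T18:00")
NOTICES = {"jdoe": T("2024-03-04T09:00"), "asmith": T("2024-03-04T09:00")}
ACCOUNTS = [  # (owner, system, account, disabled_at or None)
    ("jdoe", "vpn", "jdoe", T("2024-03-04T09:05")),
    ("jdoe", "unix-prod", "jdoe-adm", None),
    ("jdoe", "hosted-crm", "john.doe@example.com", T("2024-03-05T10:00")),
    ("asmith", "vpn", "asmith", T("2024-03-04T09:02")),
]
AUTH_EVENTS = [  # (time, system, account, success)
    (T("2024-03-04T08:30"), "unix-prod", "jdoe-adm", True),
    (T("2024-03-04T11:40"), "unix-prod", "jdoe-adm", True),
    (T("2024-03-04T12:10"), "vpn", "jdoe", False),
    (T("2024-03-04T13:00"), "wiki", "svc-build", True),
    (T("2024-03-04T15:00"), "hosted-crm", "john.doe@example.com", True),
]

def audit_offboarding(notices, accounts, events, now, max_lag=timedelta(minutes=15)):
    """Return (revocation gaps, post-notice logins, accounts missing from inventory)."""
    owner_of = {(system, acct): owner for owner, system, acct, _ in accounts}
    gaps = []
    for owner, system, acct, disabled_at in accounts:
        notice = notices.get(owner)
        if notice is None:
            continue  # owner has not been given notice
        lag = (disabled_at or now) - notice  # open accounts accrue lag until now
        if disabled_at is None or lag > max_lag:
            gaps.append((owner, system, acct, "OPEN" if disabled_at is None else "LATE", lag))
    logins, unmapped = [], []
    for when, system, acct, success in events:
        if (system, acct) not in owner_of:
            unmapped.append((system, acct))  # cannot revoke what is not inventoried
            continue
        owner = owner_of[(system, acct)]
        if owner in notices and when >= notices[owner]:
            logins.append((when, owner, system, acct, "success" if success else "denied"))
    return gaps, logins, unmapped

if __name__ == "__main__":
    gaps, logins, unmapped = audit_offboarding(NOTICES, ACCOUNTS, AUTH_EVENTS, NOW)
    for g in gaps:
        print("GAP", *g)
    for entry in logins:
        print("LOGIN AFTER NOTICE", *entry)
    for u in unmapped:
        print("NOT IN INVENTORY", *u)
```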
If there is any serious lag time between the elimination of all building and network access privileges, you could easily have another Fannie Mae on your hands. Part of the solution is policy, part of it is technology, and part of it is behavior. But with the affordability of, and ease-of-use improvements in, technologies that streamline deprovisioning and tracking, barriers are being removed, allowing organizations to actually treat this threat seriously.