Business Studies, asked by jackjk7852, 1 year ago

What is the cause if a company laptop is left with a company colleague after resignation?

Answers

Answered by RiskyJaaat
2
In an ideal world, people leave your company only under friendly circumstances, because the organization treats every employee with respect. The hiring process is so streamlined that few bad hires are made, so it’s rare for anybody to need to clean out his desk with an HR person looming over him, keeping an eye on what goes out the door.

It’s too bad that we don’t live in an ideal world.

In this one, people are laid off, employees become disgruntled and search for a new position, and others are invited to Spend More Time With Their Families. It’s nice to think we can trust employees and hire great people, but the reality is that a single bad hire can wreak untold chaos, destruction, and financial loss – particularly when the employee has access to corporate data after Elvis Has Left The Building.

While the off-boarding process is managed by the human resources (HR) department, IT needs to be brought in to make sure that the now-ex employee is not a walking-and-talking security breach. That’s why HR has to work with a sysadmin to turn off access to every system to which the employee has access.

…Assuming the sysadmin can even know what those systems are. According to a recent survey by my friend Phil Lieberman (we worked together 20 years ago), more than 13% of respondents still can access a previous employer’s systems using their old credentials. And, he adds, a surprising percentage still have access into two or more ex-employers’ systems.

I admit it: I’m among them. I can peek at an old client’s website stats (nobody’s left at the company who even remembers the project). For a few years I could log in to another organization’s database (access only disappeared when they changed service providers). It’s only my sense of ethics (and the fact that those people did treat me with respect) that protects those organizations from untraceable Loki-inspired mischief.

How can a sysadmin minimize the risk? Let’s start with the easy stuff. Most sysadmins rely on standard ways to control employee access, such as a single sign-on system on which the user’s password is deactivated, often managed through Active Directory or its ilk. The best methods here, one Web operations specialist told me, are a solid access control policy in addition to centralized authentication. “Centralized authentication makes most things easy to shut off. Essentially, all access gets a ticket, which creates an audit trail. Upon termination, that system can be audited. This helps cover Software as a Service products easily.”

(Note, too, that similar controls should be in place when an employee changes departments. Since it’s not a departure, most companies forget to double check, and all former rights remain.)

HR knows about work-related sites to which most employees have access, such as payroll systems, GotoMeeting accounts, accounting software accounts, and travel services. Whether HR pulls the access for those logins or IT does so, it doesn’t really matter – as long as someone takes care of it, and a process is in place for turning things off. Too often, it’s a few days before anybody tells IT that the employee is gone – which is exactly the time during which an individual is most motivated to grab anything that might be useful.

For example, one IT worker told me about a situation when a senior person in Accounting was let go. The first step was removing access to every system IT knew about (two minutes before HR gave the employee the bad news), changing passwords on external sites, and collecting company equipment (BlackBerry, laptop, building access cards). IT also needed to make the guy’s email records available to the CFO, who had to notify the banking systems that the employee was no longer authorized to act on the company’s behalf.

But what about external sites to which employees have access: website analytics, blogs, stock photo sites? Social media is a huge security gap in terms of access to data and also the ability to post and publish by ex-employees. De-commissioning employees is a very manual process and unless you enforce it no one is going to do it. There are plenty of tales of woe from companies who learned this the hard way.



please follow me
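
The ticket-based audit the answer describes can be run as a reconciliation between HR records and the access-ticket log. The following Python sketch is an added example, not part of the answer above or of any product it names; every record, field name, system name and date in it is constructed for illustration. It flags grants that are still active or were revoked late after a termination, and grants tied to the old department after a transfer.

```python
from datetime import date

# Constructed HR records: status changes that IT has to react to.
HR_EVENTS = [
    {"user": "asmith", "event": "terminated", "date": date(2024, 3, 1)},
    {"user": "bjones", "event": "transferred", "date": date(2024, 3, 4), "new_dept": "sales"},
]

# Constructed access tickets: one per grant; "revoked" is None while the grant is active.
ACCESS_TICKETS = [
    {"ticket": "T-101", "user": "asmith", "system": "sso", "dept": "accounting", "revoked": date(2024, 3, 1)},
    {"ticket": "T-102", "user": "asmith", "system": "web-analytics", "dept": "accounting", "revoked": None},
    {"ticket": "T-103", "user": "asmith", "system": "banking-portal", "dept": "accounting", "revoked": date(2024, 3, 5)},
    {"ticket": "T-201", "user": "bjones", "system": "payroll", "dept": "hr", "revoked": None},
    {"ticket": "T-202", "user": "bjones", "system": "crm", "dept": "sales", "revoked": None},
    {"ticket": "T-301", "user": "cwu", "system": "sso", "dept": "it", "revoked": None},
]

def audit_offboarding(hr_events, tickets, today):
    """Return grants that outlived a termination or a department change."""
    findings = []
    for ev in hr_events:
        for t in tickets:
            if t["user"] != ev["user"]:
                continue
            # After a transfer, grants for the new department are expected to stay.
            if ev["event"] == "transferred" and t["dept"] == ev["new_dept"]:
                continue
            end = t["revoked"] or today          # active grants are exposed until today
            exposure = (end - ev["date"]).days   # days the grant outlived the HR event
            if exposure > 0:
                findings.append({
                    "ticket": t["ticket"], "user": t["user"], "system": t["system"],
                    "reason": ev["event"],
                    "status": "revoked-late" if t["revoked"] else "still-active",
                    "days_exposed": exposure,
                })
    # Longest exposure first, so the worst gaps are reviewed first.
    return sorted(findings, key=lambda f: -f["days_exposed"])

if __name__ == "__main__":
    for finding in audit_offboarding(HR_EVENTS, ACCESS_TICKETS, today=date(2024, 3, 10)):
        print(finding)
```
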