Terminating an employee is one of management's unpleasant tasks. It can also be a minefield from an IT perspective. If you're a security professional, you're undoubtedly familiar with your organization's procedures
Requires Free Membership to View
When you register, my team of editors will also send you the latest expert resources covering pertinent IT topics such as Windows server backup and recovery, server administration, storage management, infrastructure security, virtualization, Hyper-V, Active Directory and Group Policy.
Cathleen A. Gagne, Senior Editorial Director
for handling the termination, resignation or reassignment of a
non-technical employee. You may even have a checklist in place for when a member of the IT team
leaves the organization. But do you have a policy for how to handle the sudden termination of a key
system administrator?
It's not a task many security teams are eager to handle – especially on smaller teams where it involves planning for the firing of one of your own. However, you owe it to your organization to plan for this distasteful eventuality. Let's take a look at a few steps you can follow to ease the process:
- Follow your standard procedures. First and foremost, follow the same process that you
use for the immediate termination of any employee. Ensure that all organization property assigned
to the employee is accounted for. Escort the employee to his or her work area to clear out personal
belongings. Issue a reminder of any confidentiality agreements that may survive the employment
relationship.
- Change
the passwords – all of them. Even if your organization has a Single Sign On (SSO)
mechanism, chances are your administrators still use multiple passwords on various systems. If you
have common administrative passwords (and you shouldn't, but that's a separate matter!), make sure
to change them whenever someone who has access to them leaves. Think carefully to uncover hidden
passwords (such as the administrative access code for your telephone system).
- Update contact lists. System administrators often have tremendous authority to act on
behalf of the organization. They might be listed as authorized contacts for communications
circuits, service contracts and other items that require only verbal authorization for
modifications. If an administrator is fired, you'll need to quickly update these lists to protect
against acts of revenge.
- Plan ahead. You've already started down this path by reading this tip. Think about all of the steps you'll need to take if an administrator suddenly leaves, and develop them into a checklist that may be rapidly followed. Make sure that multiple individuals have access to the checklist and are aware of the procedures.
Hopefully, you'll never need to invoke this policy. However, it's important that you ensure your organization has a strong policy in place to protect your assets if a termination occurs. As you probably know, the greatest computer security threat is that of the malicious insider. If an administrator is suddenly terminated and still has insider access to your systems, he or she may take drastic action to get revenge upon the organization. It's your duty to prevent that from succeeding.
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a
Miami-based marketing consultancy. He previously worked as an information security researcher for
the U.S. National Security Agency. His publishing credits include the TICSA Training Guide
from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep
Guide from John Wiley. He's also the About.com Guide to
Databases.
This was first published in November 2003