Administrative staff in any business hold a position of trust, but much more so in I.T. where a single staff member could potentially make or break that business. In the past few months, there have been a number of reports of someone being fired or leaving a business, which then causes that business some major headaches.
Last week, for example, the former system administrator of Georgia-Pacific was jailed for 34 months after pleading guilty to hacking and willful damage charges.
From The Register:
Brian Johnson, 44, of Baton Rouge, Louisiana, US, had worked at paper maker Georgia-Pacific for years, but on Valentine’s Day 2014 he was let go. He didn’t take that lying down, and spent the next two weeks rifling through the firm’s systems and wreaking havoc from his home.
We use the term hacking loosely: Johnson was still able to connect into Georgia-Pacific servers via VPN even after his employment was terminated. Once back inside the corporate network, he installed his own software, and monkeyed around with the industrial control systems. His target was the firm’s Port Hudson, Louisiana, factory, which produces paper towels and tissues 24 hours a day. In a two-week campaign, he caused an estimated $1.1m in lost or spoiled production.
Once he gets out of jail, Johnson will have to start repaying damages to the tune of $1.1 million. Despite it’s win, it can be safely assumed that Georgia-Pacific would have preferred the incident didn’t happen in the first place.
Industrial sabotage is a worst case scenario when a staff member is sacked. Less severe perhaps, is the case of Australian right-wing political party, One Nation. One Nation’s website lay dormant for more than 3 months after the one staff member who knew the passwords to access it left the party.
From The Courier Mail:
The Australian reports that Saraya Beric left her positions as national and Queensland secretary on October 13 because the situation became untenable.
The 32-year-old was then locked out of the website, despite the fact the page templates and codes needed to update the site were all in her head.
You may be used to the situation of someone who is let go being given two weeks notice. But more and more these days, a business would rather payout the two weeks and march that staff member from the building immediately. But as we can see from these examples, thought needs to be put into how to ensure that staff member no longer has access to your business, and that someone else can step immediately into their role.