Ensuring Employee Security During Layoffs

A poorly organized termination process can lead to major IT and physical security problems.  As many companies have transitioned to a mobile workforce, and vendor supported access, increasing numbers of people have remote access to sensitive and proprietary information.  Companies that fail to cancel subscriptions, passwords, accounts and retrieve blackberries, PDAs and laptops leave themselves open to a major security breach. As a result, proprietary information may be compromised by former employees looking for revenge or profit.  The more technologically savvy the person is, the greater the risk.  This is especially an issue with poorly planned mass layoffs, where these security lapses are more likely to occur.

Organizations that use shared accounts for employee and or vendor access also increase the difficulty to efficiently and effectively manage the process.  Vendors that manage key functions for the company must be considered much the same as an employee and must integrate similarly into the termination process.   Recovery of key cards and changing physical access authorizations as well are key but an ongoing monitoring of logical access logs needs to compliment revocation of all access.

Another growing issue is the proliferation of websites and blogs where angry ex-employees can post anonymous rants about their former employer that can be very damaging from a public relations perspective.  Even worse, they could post sensitive or proprietary information that could lead to the loss of millions of dollars in revenue.  Because it is so easy and anonymous, even people who would never dream of theft, destruction of property or committing violence may be very tempted to retaliate in this manner if they feel that they have been wronged.

We recommend to our clients that a decommissioning team should be set up with key representatives from finance, human resources, corporate security, IT a labor law specialist and a representative from the executive board.  The team should make their plans well in advance, train management in how to properly break the news and bring on additional temporary help to facilitate the process if necessary. Many companies hire outside consultants to assist in planning, securing and implementing mass layoffs and terminations.  A strategic plan should be created, implemented and managed by the decommissioning team so that every individual layoff and termination follows the same process in order to deflect potential litigation or security threats.

The team should evaluate every potential termination for legal, security and financial risks. A set of “red flags” should be established to screen each potential reduction in personnel and security should be increased around the entrances to the building or office for several weeks after the layoff has occurred.  Extra vigilance during this time period is critical because most “revenge attacks” occur after the employee has had time to ruminate over the ramifications of being terminated.

Don Aviv, CPP, PSP, PCI
COO and Physical Security Director
Interfor, Inc.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!