Slashdot Mirror

← Back to Stories (view on slashdot.org)

Employees Admit They'd Walk Out With Stolen Data If Fired

Posted by samzenpus on from the take-this-data-and-shove-it dept.

Gunkerty Jeb writes "In a recent survey of IT managers and executives, nearly half of respondents admitted that if they were fired tomorrow they would walk out with proprietary data such as privileged password lists, company databases, R&D plans and financial reports — even though they know they are not entitled to it. So, it's no surprise that 71 percent believe the insider threat is the priority security concern and poses the most significant business risk. Despite growing awareness of the need to better monitor privileged accounts, only 57 percent say they actively do so. The other 43 percent weren't sure or knew they didn't. And of those that monitored, more than half said they could get around the current controls."

62 of 380 comments (clear)

  1. Best Pratices by Mafiasecurity · · Score: 5, Interesting

    I remember reading long time ago in security 101 best practices to remove employee's network privileges a week before they receive the notice. I also know of a big company which had ITSEC work all weekend to remove and change creds so when workers came to work Monday they found themselves now jobless.

    --
    http://www.mafiasecurity.com maf
    1. Re:Best Pratices by Anonymous Coward · · Score: 4, Insightful

      I'm not sure that's really a best practice. Rather than dealing with the risk of data theft, you end up with the risk of them shooting up the building or engaging in non-network sabotage while they still have their access cards.

      The best practice here is to remove their access at the moment they're notified and escorted off premises if the data is that important.

    2. Re:Best Pratices by Penguinisto · · Score: 4, Insightful

      It would depend on the employee, I suspect. As a sr. sysadmin, if my access was cut off, I'd know immediately what was up (since I'd need it for my job), and if I were unscrupulous, I'd have alternate backdoor accounts and backups already in place to suck out all the data that I really wanted. *shrug*.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    3. Re:Best Pratices by Joe_Dragon · · Score: 5, Funny

      I told those fudge-packers I liked Michael Bolton's music.

    4. Re:Best Pratices by epyT-R · · Score: 4, Insightful

      This is the kind of treatment that makes workers angry enough to do the things your 'big company' doesn't want happening in the first place.

    5. Re:Best Pratices by black6host · · Score: 5, Interesting

      The best practice here is to remove their access at the moment they're notified and escorted off premises if the data is that important.

      That was SOP at a client I did work with. Nobody in house could handle the changes required to disable access to the systems so when someone was being fired, they let me know and I disabled access early in the morning of the day of their termination.

      One time they asked me to do that for a person in a key position and I asked them repeatedly if they were going to terminate the person as soon as they walked in the door the next morning. They assured me, repeatedly, that they would be waiting at the door to take them into the owners office. Of course I had explained the consequences if they didn't (The employee would know before being told, which is a bit rude in my opinion, not to mention if the employee wanted to create a scene before being escorted out the door they'd have time to do it.)

      Of course, I get a call first thing in the morning from the person being terminated: "I can't log into the system..." Idiots......

    6. Re:Best Pratices by siddesu · · Score: 4, Informative

      This is not a "best practice", as it is completely worthless.

      There is a best practice on the opposite side that is capable to defeat your "best practice" on any day of the week and twice during the weekend, and all smart employees have figured it out long ago. It is for the employee to collect the data while they have access, and do not depend on the benevolence of the company policies after the termination decision.

      Just so I am not entirely abstract, this is exactly what a certain Bradley Manning allegedly did while in employment of a certain large military organization.

    7. Re:Best Pratices by Anonymous Coward · · Score: 5, Insightful

      And that's why, in turn, employees seem to be developing a "best practice" of keeping the tools to screw over facist companies. Distrust goes both ways, here's the results of treating employees like shit, enjoy.

    8. Re:Best Pratices by Anonymous Coward · · Score: 5, Insightful

      The real question is "Why?" What purpose does stealing that info have? You could "potentially" sell it to a competitor just like you could "potentially" be thrown in jail. The risk vs. reward without having a pre-existing deal to steal data for another company is not worth it. It's like quitting your job before you've even handed in a resume to another company that has no idea who you are.

      here's the results of treating employees like shit, enjoy.

      As opposed to the results of shitty employees trying to screw over the company? These people who would steal the data just because they're fired are EXACTLY the people that should be fired. They are the shitty employees that get what they deserve.

    9. Re:Best Pratices by Austerity+Empowers · · Score: 3, Insightful

      In reality, you always have a clue that your job is in jeopardy, and you're hoarding whatever information you want to take ahead of time. Some people I know do this as a practice regardless of their job security. They have what they consider their "IP" (regardless of how their employment contract defined IP sharing/ownership), and constantly back it up. I'm not sure you can really stop them unless you want to go to the paranoid level of some banks, and remove all USB ports, seal away the hard drive and disconnect them from the internet...all the time.

      In reality I think there is somewhat less danger of an employee walking away with vast company secrets for personal profit, most of the time its stuff they simply worked on, which they have some sort of emotional investment in. Spending a single cent trying to stop this is both fruitless and a poor use of money that could otherwise be invested in the company for more profit.

    10. Re:Best Pratices by EdIII · · Score: 4, Funny

      Actually.... you all got it wrong.

      Best practices are to just lose his paycheck, promise to look into it, keep moving him into smaller and more cramped cubicles, then eventually the basement, and finally steal his stapler that he brought from home . He should just leave quietly.

    11. Re:Best Pratices by Anonymous Coward · · Score: 3, Insightful

      >Of course, I get a call first thing in the morning from the person being terminated: "I can't log into the system..." Idiots......

      No, they are not idiots. They just left the job of explaining the situation to you.

      You are the idiot for not realizing this.

    12. Re:Best Pratices by lightknight · · Score: 3, Insightful

      Here's a question for you -> if you're in the Sales group for a company, and have spent years cultivating relationships with various clients. You're given a pink slip. A week later, you're working at a new company. Is it screwing over your old company if you contact those clients? What if you kept a copy of the Goldmine database from your former company?

      And there in lies the problem. If I develop code, on my own time, that I reuse at the workplace, whose code is it? If I work for a new company, and the old company brings charges against me for the code I developed on my own time, with my own equipment, who wins? See, these kinds of polls are...inexact, to say the least. If someone has a pet interest in tarring IT, and drumming up a 'need' for security services to watch IT, for instance, could a poll, with vague phrasing, not confirm the need for said services if read one way, instead of another?

         

      --
      I am John Hurt.
    13. Re:Best Pratices by Neil_Brown · · Score: 4, Informative

      If I develop code, on my own time, that I reuse at the workplace, whose code is it?

      Just my thoughts but, if your contact is not clear, I'd suggest getting this agreed in writing before you use it, particularly if, despite being developed on your own time, it was developed to solve a particular problem at that company. At the very least, make sure it has a licence attached, and use it in compliance with the licensing requirements, as if the company was any other third party recipient of the code — I'd aim to separate your two roles as (a) copyright owner and licensor of the code, and (b) employee of a company making use of third party code — if this means internal policy compliance of getting the licence checked out, the code use validated etc., then put the code through it..

      (I'm not a developer, although this is a question I've been asked several times by developers, but I work for my employer four days and week, and spend my fifth day pursuing my own academic interests. There's a clear cross-over, since I'm fortunate to be paid to do something which interests me, and so, in reusing work I've done in my academic life, I try to be as clear as possible what is created in the course of my employment, and what is not... Any other thoughts / suggestions would be very interesting to me!)

    14. Re:Best Pratices by YttriumOxide · · Score: 4, Informative

      As a developer, I was very sure to get very clear rules for this in my employment contract.

      Any code that I develop in my own time belongs to me. If I choose to use that code in a project at work, the company is given a royalty-free and warranty-free licence to use that code as they see fit. They may not however sub-license it, claim it as their own, or prevent me from using it in any way. All such code must be specifically marked as such, or it is assumed I created it on company time.

      My contract does however also specify that I can not compete with my employer while working here, and as such most of the code I do in private has little re-use value at work and vice-versa.

      Also, I've been with the same company for 10 years and will likely stay here for the rest of my working life, so I don't actually spend too much time thinking about it - it's just a safety precaution in case something does happen.

      --
      My book about LSD and Self-Discovery
      Also on facebook as: DroppingAcidDaleBewan
    15. Re:Best Pratices by ArsenneLupin · · Score: 4, Funny

      engaging in non-network sabotage

      such as hiding shrimps or French cheese in false ceilings or raised floors...

    16. Re:Best Pratices by characterZer0 · · Score: 4, Interesting

      Unless you are firing your employee for doing something horrible, best pratice when terminating white collar employees who have been trusted with access is to cut off access Friday evening, give notice Monday morning, and pay them for another 2-4 weeks at full salary to work half time writing documentation (and be free to spend the rest of their time looking for another job or golfing). The company avoids sabatoge and burning bridges, gets documetnation, and has remaning employees who know they will be treated respectfully.

      --
      Go green: turn off your refrigerator.
    17. Re:Best Pratices by coastwalker · · Score: 3, Insightful

      If you treat people as enemies then expect them to treat you as an enemy. Thats both game theory and free market economics in action. Its also the reason why IT systems are a pain in the arse to use and cost twice as much as they should. Its a free choice.

      --
      Facts are history now plebs have politics for religion on social media.
    18. Re:Best Pratices by butalearner · · Score: 5, Interesting

      Revenge isn't rational. When I was first laid off, I stole the department's best set of pliars. Not because they were worth much, but because they were really nice pliars and I just felt really annoyed. Me and a coworker were exactly equal in qualifications, skill and productivity, so it was fairly clear that the decision over who to fire came down to him being the one willing to go down the pub with the boss and play the occasional game of football.

      And there's the problem with this survey: you ask a bunch of people with reasonably good-paying jobs if they'd take some revenge if they got fired, in this economy, when most of them don't deserve it? But it should come as no surprise when the survey was conducted by Cyber-Ark, who sells three products:

      • Privileged Identity Management Suite
      • Privileged Session Management Suite
      • Sensitive Information Management Suite
    19. Re:Best Pratices by Reschekle · · Score: 3, Informative

      To write proper documentation, I need to have access to the systems that you propose I should be shut off from. I don't have memory of the exact syntax of commands and etc. Further, if you don't trust employees with system access why do you trust them to be in the office to not do something untoward?

    20. Re:Best Pratices by hackula · · Score: 3, Insightful

      ...and you being the one to occasionally steal pliers.

  2. ...and what would you do with it? by Penguinisto · · Score: 5, Insightful

    I recall distinctly during my time with a certain F50 company that they would not only refuse to buy any of the secrets, but that they would be the first to call the FBI on you for trying. The last thing they wanted or needed was to have those secrets unearthed years later, potentially costing them billions of dollars.

    Now the gray/black market? Maybe... but that's as much of a jail risk as carrying around an open box full of kiddy porn in front of a police station.

    If anything, the things I can see IT employees walking out with are software licenses, images (even hardware!) and crap like that - things they would find useful to themselves later on.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:...and what would you do with it? by Cow+Jones · · Score: 5, Interesting

      You're right, that's the most important question. What do you do once you've got their crown jewels? Me, I'm a self-employed contractor. Half of the time, I get called in to work on fairly large projects where nobody expects me - or even wants me - to be on location all of the time. So I work from my office or from home. And sure enough, I've got their code, their passwords, and usually (if it fits on my laptop) their database. As an external contractor, I don't get fired. My contract just ends. This occurs far more frequently than employees get fired (I hope). Do I delete all of the data after I complete phase 8 of project X, while I wait if/when they'll call me back for phase 9? No, I don't. I keep it all. The only thing I worry about is that it's stored safely (meaning full disk encryption, at the least, and disconnected encrypted drives for old projects).

      I have no idea how much all of that data would be worth to the right (wrong) people. I never really thought about it. When somebody _gives_ me their passwords and/or their data, that implies a level of trust I just couldn't violate (unless forced, but that's not what we're talking about here). I enjoy cracking passwords and finding exploits as much as the next guy, but once somebody trusts me, they're off limits.

      I don't know. In the last 15 years I've gotten along fine with each and every customer I've had. Some were more difficult than others, but there has never been a situation where I was even remotely tempted to betray them or sell them out. Might be a different story if I were working for organized crime, or some other organization whose morals I deeply object to, but as an external contractor I get to choose my customers. If I ever get sucked into something like that.. I have no idea what I'd do. I probably wouldn't pull a Bradley Manning, but who knows... Whistleblowing is one thing, blackmail is quite the opposite.

      CJ

      --

      Ah, arrogance and stupidity, all in the same package. How efficient of you. -- Londo Mollari
    2. Re:...and what would you do with it? by girlintraining · · Score: 4, Interesting

      You're right, that's the most important question. What do you do once you've got their crown jewels?

      Even if they handed you the keys to the kingdom, don't tell them you have the keys to the kingdom. I have also been that contractor with 'god level' access to everything. And then one day it was pointed out to management that all of this nonsense about using IDS and scanners to detect whether a USB drive had been plugged in or not would really only serve to get in the way of people trying to do their job; anyone with even 3 working neurons in their brain could figure out how to get around it (as one example, printing a binary file, and then going over to the printer, plugging in an SD card, and copying it. Windows group policies don't work on printers. It was pointed out that the entire IT department had the necessary rights on the network and technical know-how to do it. So, naturally management nuked everything from orbit. They fired over 50 people in the span of a few months in a political fiat between infosecurity and the rest of IT (Little known fact: many people who work in info security have no previous background in IT. They usually can't tell a router from a switch) So you know, security must have improved after that, eh? Well, actually it didn't; They were robbed of a significant chunk their customer's credit card and billing data six months later because when you fire a significant chunk of your IT staff in one go, minor things like security patches tend to get put on the backburner while everyone goes into crisis mode.

      Anyway, people talk about employees walking off with confidential data, but for every person that does that, at least a hundred others got fired because management got paranoid... probably more. Usually the value of the data they're protecting is worth less than the cost of hiring and training new employees, because management got spooked about the old ones.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:...and what would you do with it? by ArsenneLupin · · Score: 4, Insightful

      when you fire a significant chunk of your IT staff in one go, minor things like security patches tend to get put on the backburner while everyone goes into crisis mode.

      That, and if you fire more than one IT guy at once, each of them now has plausible deniability...

  3. how stupid are people? by SoupGuru · · Score: 5, Interesting

    I honestly don't understand. IT people need to be trusted with very important data. Each time one of these surveys come out they demonstrate that they can't be trusted with data.

    As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

    --
    What doesn't kill you only delays the inevitable
    1. Re:how stupid are people? by Jah-Wren+Ryel · · Score: 4, Interesting

      As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

      The summary, at least, says it is not "IT guys" it is IT management that has ethical problems here. Not too surprising given that full-blown psycopathy is 4x more common in senior managers than in the general population. Since psycopathy is really a continuum with only the really extreme types qualifying for the label, you don't have to be a full-fledged pyscopath to rationalze walking out with stolen data either.

      --
      When information is power, privacy is freedom.
    2. Re:how stupid are people? by Gaygirlie · · Score: 4, Insightful

      As an IT guy, I wouldn't consider for a second walking out with data that's not mine. What the hell is wrong with the rest of you?

      I agree with you here. I would never even dream of copying sensitive data, installing backdoor access or stealing actual physical hardware, that's hideously selfish and if I knew of someone having done that I'd be the first to report that person to authorities, even if it was one of my own family members. But alas, as disgusting as I find such behaviour I also am not surprised in the least; majority of people are willing to screw over anyone and anything -- even their own morals and ethics! -- in order to gain something and even more so if the gain could be monetary. Mankind in general is not to be trusted.

    3. Re:how stupid are people? by LordLucless · · Score: 4, Informative

      What the hell is wrong with the rest of you?

      Nothing. We wouldn't either. But our execs and senior management apparently would. Read the summary.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    4. Re:how stupid are people? by houstonbofh · · Score: 4, Informative

      It could never have been cached passwords in the tools at home that tried to connect when they first open the app... Nope. That never happens. When I left, I had to start my soft phone app to delete the account in it. It don't know if it still worked or not...

    5. Re:how stupid are people? by Stewie241 · · Score: 3, Interesting

      I don't work in IT but I could see myself doing that out of curiosity.

  4. What, you don't have backups at home? by rrohbeck · · Score: 3, Funny

    I thought that's data protection 101.

    --
    thegodmovie.com - watch it
    1. Re:What, you don't have backups at home? by Anonymous Coward · · Score: 5, Interesting

      Once upon a time I had two personal laptops I brought to work. One I had been using for a year, the other I had just purchased and had just reached the point where I was leaving the old one at home. Then one day they herded about 50 of us into a conference room. My manager tried to get me to leave my laptop at my desk, but I always took it with me to meetings, so I kept it with me. The CEO announced that our services were no longer required and that most of us would be walked directly to the exit.

      My boss steered me to her boss's office and some "security" guy who had been hired a week earlier proceeded to tell me I couldn't leave until I gave him my laptop and the password to get in. I pointed out that it was my laptop and pulled my receipt out of the bag. He said it didn't matter whose laptop it was, I had to give it to him because it might contain company data. I refused, informing him that it contains confidential personal data that the company has no right to. He then threatened to call the police if I didn't turn it over. I pulled out my cell phone and offered to call them myself. The guy actually took the phone out of my hand and shut it off.

      At this point I told him, "when I get outside, I'm driving to the police and reporting that you just assaulted me and stole my phone. If you take my laptop by force, now you're looking at assault and grand theft. I don't know how much they're paying you, and I suspect you don't either because you haven't gotten your first paycheck yet, but you really need to think about whether this is worth it." He got uncomfortable and slid my phone back across the table to me, reiterating that he couldn't let me leave with the laptop.

      "I know you've only been here for a week, but I just started using this laptop a week ago. Ask my boss. What are you going to do about the laptop I've been using for the last year that's sitting at home right now? Are you going to break into my house tonight?" He looked at my boss, who nodded, and told me I could go.

      The point is this: unless you've been enforcing strict security policies all along, trying to get stuff from the employee is like closing the barn door after the horse has bolted. And if you screw with them enough, you're just going to make things worse. To spite them for this, I took some non-confidential company documents I had, uploaded them to a file sharing site and emailed them a link to it: "Here are the files you wanted so badly. I wouldn't have bothered if you had treated me like a human being. Just something to think about the next time you fire someone." I'm sure they just about had a heart attack until they realized I hadn't uploaded anything sensitive.

  5. Simple Solution by sir-gold · · Score: 5, Insightful

    The solution to "insider theft" is simple:
    Don't hire from the bottom of the barrel just to save a buck, and you won't have to fire people.
    Treat your employees like valuable assets and not just cogs, and your people won't quit.

    1. Re:Simple Solution by LordLucless · · Score: 4, Insightful

      This article, despite the headline, isn't about "IT Employees". It's about IT executives and senior management. These are the employees that are treated like valuable assets. It's the low-paid one which are honest - which is probably why they're still low-paid.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    2. Re:Simple Solution by TranquilVoid · · Score: 3, Informative

      It's the low-paid one which are honest

      The summary isn't quite accurate. The article states that the survey was mostly IT managers and executives, and the actual report PDF mentions that about 25% were "business/admin/technical staff" (i.e. regular workers), but there is no breakdown as to which group was less honest.

      Still, while I'd grant that managers might be more sociopathic, humans in general are quite corrupt. This sort of white-collar unethical behaviour is all too common as, unlike physical violence, it's very indirect as to the effects. This is why so many people cheat on their taxes, pirate software, take stationary etc. etc.

      The survey was also done by a company that sells data security products, for what it's worth.

  6. And how much data ACTUALLY walks out? by el_tedward · · Score: 5, Informative

    Everyone preaches about the insider threat, even though less than 4% of all incidents come from insiders.. If you count by the number of breached records, insiders make up less than 1% of all breached records (though, arguably, they may be breaching records that are more valuable)

    http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

  7. When I fire someone... by Anonymous Coward · · Score: 5, Funny

    When I fire someone, there is a significant amount of planning that goes into it, and the whole process takes about 4 weeks.

    When I decide it's time for someone to go, I have HR stage a company-wide reaffirmation of adherence to company policy. Employees are reminded that they are not allowed to bring any company data home on thumb drives (which technically they aren't allowed to bring in from home or leave the office with anyway), personal laptops, phones, and so on. During this initiative, they are asked to bring in any thumb drives they have with company data, and make sure they erase company date from their personal devices. I instruct the IT department to assist any employee who asks for help with locating and purging company data.

    We are certain to remind them that this is to protect the company from security issues and corporate theft, reduce legal costs, and so on.

    After about a week of that, we install a keystroke logger and screenshot collector on the employees PC, and collect all of their passwords to local resources, databases, servers, and so on. We monitor their computer activity 24/7 to make sure it will be a clean break. This is also useful for creating justification for violations of IT policy, since most employees violate it by using their company-owned computer for personal endeavors (email, non work-related web browsing, etc), which is against IT policy and subject to disciplinary action up to and including termination.

    After a week or two of monitoring, I get the ball rolling with HR and IT. I submit the necessary termination documentation to HR, and IT generates a script that instantly locks them out and changes all of their passwords so that they cannot access any company resources.

    We usually try to execute a firing when the terminated employee is in a meeting or other place where s/he will not have immediate physical access to items at their desk or lab. I usually just pop my head in the door and say "Hey XYZ, I need your help for a second." We walk back to my office, where HR is waiting with the termination paperwork, while IT removes their laptop from their desk and locks all of their drawers and cabinets.

    To communicate the firing, I actually read from a script, because the lawyers are very particular about the language and what is said. Security escorts the employee to their work area and supervises and thoroughly documents any personal effects they take with them. They are not allowed to take any memory devices with them, including those in picture frames, without first having them checked by IT for company information. Picture frames are also disassembled and other items searched as thoroughly as possible.

    Terminated employees are also searched/wanded on their way out to ensure they are not hiding things like USB keys or hard drives on their person.

    It's an arduous process, but it's my job to protect the company from thieves.

    1. Re:When I fire someone... by erp_consultant · · Score: 4, Insightful

      Jesus...why don't you just tar and feather the guy for good measure? I came close to working in a place like that one time but thankfully it didn't last long. Keyboard loggers? Screenshot collectors? Big brother anyone? I don't see how anyone can be productive under those kinds of conditions. What do you do for an encore? Slash the guys tires before he leaves the parking lot?

    2. Re:When I fire someone... by cusco · · Score: 4, Insightful

      You, sir, are a frelling scumbag. Sorry, there's no way to sugar-coat it, you get far too much enjoyment from fucking over someone's life to be considered a decent human being. Fortunately people like you are so aggressive during the initial interview process that I don't have to worry about being stuck working with you.

      It's management attitudes like this that breeds disgruntled employees that will steal company data. Treat people decently and 1) you will very rarely have to fire employees, and 2) when employees leave they aren't going to be inclined to take the customer database with them.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    3. Re:When I fire someone... by cusco · · Score: 3, Insightful

      By the way, scumbag, your admins are snooping the keylogger for the employee's password, and stealing data logged in as them. Or is that you doing that?

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  8. Re:What about being a decent employers!!! by Lisias · · Score: 3, Insightful

    No matter how hate the concept, the parent post is right.

    Once the honest employee gets screwed no matter what, there's absolutely no incentive to the other employees to be honest!

    You get what you promotes!

    --
    Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
  9. Employer could always be nice by BrokenHalo · · Score: 5, Interesting

    This survey seems (admittedly without having read TFA) to be skewed by the "if fired" clause. Now, I would have thought most admins would have their privileges revoked if they were being sacked, but here's a question:

    How many of us, if on the receiving end of unjust treatment, would honestly not at least entertain the fantasy of "getting back" at that company? Be honest, now.

    Thought so.

    Since the company invests a lot of trust in its sysadmins, it should at least treat them respectfully, since trust has to work both ways.

    1. Re:Employer could always be nice by houstonbofh · · Score: 5, Interesting

      Been laid off a few times. Most of the time I stayed on and had full access for the two weeks they paid me to stay and do knowledge transfer. I guess it depends on the person...

    2. Re:Employer could always be nice by EdIII · · Score: 4, Insightful

      It does depend on the person. I would never even remotely consider it for a second, even if I was owed money. That's what lawsuits are for.

      When you do sensitive work like working with customer databases and sysadmin work that takes you everywhere inside a company, you need to be trusted. Your actions could get around to other companies.

      As for still having access, I wouldn't know. That would require testing for it.

      I know it is tempting to get revenge, but in the end I would rather have my integrity and knowing that I was the better person and professional.

    3. Re:Employer could always be nice by Anonymous Coward · · Score: 5, Interesting

      Posting as AC for good reasons.
      A few years backs, I was one of the top dogs in the IT dept of a small but VERY profitable company. I had a good reputation and I held myself to high standards as we all like to think of ourselves. But during a particularly bitter shareholder war I found myself a the crossroads. I was asked to do some very unethical tasks for one side of the belligerent parties and I refused knowing full well it could spell the end of me if that particular faction ever came on top.

      Of course in the end they did and I was sacked promptly exactly like you mentionned -just as I entered the building I was nearly cattle prodded into the HR office and given my walking papers after eight years of above reproach work. I was left high and dry and no severance package whatsoever even though it was spelled out in my hiring contract.

      Bitter and angry- yes you bet. However I had wisely created a "emergercy care package" for myself in the form of various pieces of informations and when I went to court, some of that information was used by my lawyer to very deadly effect.

      In the end all my good conduct and proper attitude did not save my job. Doing the right thing usually does not assures you that somehow you will get not get screwed if it makes cash sense to someone. So yes, its not nice to walk out with some info but then most employers see you as cattle, so you might as well grow some horns.

    4. Re:Employer could always be nice by Fnord666 · · Score: 4, Insightful

      Your actions will get around to other companies.

      FTFY

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    5. Re:Employer could always be nice by doston · · Score: 4, Insightful

      Your actions will get around to other companies.

      FTFY

      Not necessarily. A lot of companies are too concerned about lawsuits to say anything other than job title and start/end dates. They blacklist you at their company, of course, but there's not a lot of interest in informing other companies; just risk with no real upside, prudent policy generally shun references.

    6. Re:Employer could always be nice by Phoobarnvaz · · Score: 3, Insightful

      In the end all my good conduct and proper attitude did not save my job. Doing the right thing usually does not assures you that somehow you will get not get screwed if it makes cash sense to someone. So yes, its not nice to walk out with some info but then most employers see you as cattle, so you might as well grow some horns.

      I worked at a job years ago which was going through a merger. Because of this...during the weekly meeting it was mentioned the IT department didn't want to face another $250,000 fine from the BSA that year for pirated software. Of course...all the contractors they had working were running tons of pirated software...as well as some of the employees. When I was handed my walking papers two weeks after this...my first call was to the BSA. Don't know what happened to these employees or company...but I ended up with a better paying contract job I loved three days later...even though my contract wasn't renewed six months later because of the economy.

      The funniest part was this company I was fired from didn't lock me out for several days...so I could have done some damage...but didn't. Companies don't take due diligence...they deserve whatever happens to them.

      --
      Don't worry about the world coming to an end today. It's already tomorrow in Australia. - Charles M. Schulz
    7. Re:Employer could always be nice by MobileTatsu-NJG · · Score: 3, Informative

      True, but you'd have to know that it happened. All the company has to do is say: "We're not interested at this time.", not: "We heard about what you did to the server, forget it."

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    8. Re:Employer could always be nice by hey! · · Score: 5, Informative

      As for still having access, I wouldn't know. That would require testing for it.

      I've never been fired, but I have left jobs where I had access to sensitive information. What I did was write an distribute memo which listed everything I could think of that I needed to be locked out of, then sat down on my last day with the person who was supposed to do it and made sure it happened.

      Protection is a two-way street. Not only does it protect my former employer from me, if anything happens after I leave it makes it less likely suspicion will fall on me. Besides that revenge is a juvenile act. It feels better to do the right thing and move on than to gloat over the power you wield over the people you left behind.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    9. Re:Employer could always be nice by lightknight · · Score: 4, Interesting

      Hmm. In my case, I drop what I'm doing, and leave.

      So far as I cam concerned, if I'm fired, the network / users are officially no longer my problem, as of that exact moment. I don't plot revenge; if I've been doing my job, and the firing is unjust, my absence will slowly deteriorate the network / machines into an unusable state (let the users solve their own driver installation problems, and good luck with the servers if / when the RAID goes down). If it is just, then I'm sure someone equally or more capable has / will be hired to maintain things.

      You'd be surprised what happens when things are left to their natural tendencies (it usually takes 3 months before things have gotten bad enough to warrant a phone call).

      --
      I am John Hurt.
    10. Re:Employer could always be nice by CAIMLAS · · Score: 4, Interesting

      However I had wisely created a "emergercy care package" for myself in the form of various pieces of informations and when I went to court, some of that information was used by my lawyer to very deadly effect.

      As someone who's going through something very similar now, let me ask: what was in your care package?

      --
      ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
    11. Re:Employer could always be nice by kaladorn · · Score: 4, Insightful

      The last sentence is the real secret.

      If an employer doesn't want me, I don't want to be there. If they want me but can't keep me due to overall economics (it happens in contracting regularly), then you just smile, thank them, and move on and you may well be back working there again later sometime.

      Revenge is not only infantile, its often criminal. Is it really worth getting your @$$ kicked and fined or jailed? Don't think so.

      Never burn your bridges, even if the other side are unmitigated jerks. You can be the bigger man. Even if you get the short end of the stick, somebody will probably notice your conduct and recognize it for the right way to behave. Sometimes you might end up working for them 5 years down the line.

      Case in point:

      Final year of college (software engineering) in city A, I did a project with well known embedded POSIX compliant OS vendor in city B. I met some of their staff.

      After completing the year, I had a bunch of interviews in city B at a different company. On arriving, I recognized one of the guys I'd be working with/for. It took us most of the time there to twig to what it was. I'd met him in City C at COMDEX working for the POSIX OS company from city B. He was now working for another company (whom I went to work for as well).

      I'd met him months before at a computer show in another city entirely and only coincidentally happened to be doing a project for the company he worked for, then we met at an interview for the company I was actually interested in working for and there he was.

      If I'd been a jerk beforehand, he'd have remembered. As it was, he remembered me favourably. The interview was good enough I got hung with a fun nickname even before I was officially hired!

      Beware the bridge you burn, it might be the one you need to advance across later.

      --
      -- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
  10. Rule of Thumb for Employee Theft by Anonymous Coward · · Score: 5, Insightful

    As someone who has been laid off from a job (and forced to wipe the hard drive of my personal laptop before I could leave the building), and who has had to hire and fire dozens of employees over the last 10 years, I can offer a bit of insight:

    10% of your employees would never steal from you. Ever. It wouldn't occur to them to do it.

    10% of your employees are determined to steal from you. It's why they applied for the job!

    The other 80% are swayed by circumstance and opportunity. If you treat them like crap (when they're employed or when you fire them) or make it clear that you're lax on security (often as simple as not paying attention), they're going to steal from you. Treat them well (as employees and as ex-employees... don't just toss them overboard... give them a severance package... give them a nice letter of recommendation... make some genuine effort to ease this life-altering transition and show them that you care about what happens to them after they leave) and maintain good security practices and you will drastically cut down on the number of people who steal from you.

  11. I think a lot of people would have issues by johnny+cashed · · Score: 4, Insightful

    The problem I have with this is the hypothetical "if you were fired tomorrow" angle on the survey. Why would I be fired tomorrow? For cause? Due to downsizing? A lot of people would feel threatened if they were suddenly fired, especially if they can see their termination as unjustified. This doesn't justify their potential actions, but it really leaves out a lot. How many people, if they were fired tomorrow, would come back with a gun and start shooting people? Probably a lot less. Was that question on the survey?

  12. Re:Solution: by epyT-R · · Score: 4, Insightful

    This is the mentality that causes people to stick it to the holy churches of corporate psychopathy in the first place. subject employees to hostile working environments like slaves, and they'll act like slaves when they rebel.

  13. The article title is wrong. by sconeu · · Score: 5, Insightful

    That's why you don't understand.

    The title should read: " MANAGEMENT Admits They'd Walk Out With Stolen Data If Fired"

    TFS says they surveyed managers and executives, not rank and file.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  14. Biased Survey? by ark1 · · Score: 4, Insightful

    An ID management provider does a survey designed to promote identity management. Why should I trust them?

  15. This figure seriously boggles my mind by serutan · · Score: 4, Interesting

    In 30 years as a software dev I don't think I've known more than a couple computer geeks who might have the guts to steal data, let alone the personality to locate a buyer, negotiate a price and actually follow through on the deal. Sure we've all seen Office Space and talked trash about what we'd like to do to a company, but at the moment of truth, no way. And managers tend to be even more gutless -- something tells me the survey results were heavily skewed by false bravado.

  16. Offsite backup by Kim0 · · Score: 3, Insightful

    "Stealing data" is another way of saying "offsite backup".

  17. Don't burn bridges by Fencepost · · Score: 4, Insightful

    The one time I was laid off (knowing it was coming for months - closing an entire facility, plus I got extended a couple times and had turned down an offer to move to Dayton, Ohio), I was working on wrapping up a project up to the very last day. The last parts were documenting, etc. but when I walked out the door I had my personal laptop that I'd been using for some development work and testing.

    What did I do with the company information on that laptop? I zipped it all up, burned it to a CD along with an index/directory and notes on what might be of interest in case there was anything like homegrown test tools that wasn't on my main system, and mailed it to them. What did I get for all this? Thanks for being so great about everything, which kind of confused me - they'd offered to keep me on if I was willing to move and I refused, and I wasn't going to screw the people I'd been working with for years.

    If you dislike the people you work with enough to screw them when you leave, you're in the wrong place (mentally, physically, whatever) already.

    As it turned out, I ended up doing some fairly substantial hourly consulting for a different division of the same company a few years later, and I suspect that had I pouted my way out the door it wouldn't have happened. I didn't end up needing any of my old coworkers as references (jumped into freelance work with some other former employees), but I have no doubt that I'd have been able to get good references with no difficulties.

    --
    fencepost
    just a little off