Ask Slashdot: Dealing With User Resignation From an IT Perspective?
New submitter recaptcha writes Today one of my fellow workers has announced he has found another job and will be leaving our company in two weeks' time. This is all above board and there is no disgruntled employee scenario here; he is simply working through his notice period and finishing up some jobs. I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day. Which best practices do you follow that will prevent a resigning user from causing any damage (deliberately or not) in these last days of employment before his account is disabled?
Get him to delete anything personal, because chances are his co-workers are going to be asking for access to his files and emails so they can continue whatever work he was in the middle of.
If he is not a disgruntled worker just work with him to set up expectations from the IT side of things. Do you expect him to turn his computer in? When? Should he delete files off? Yes/No? I think most people would be happy to work through an exit checklist and it would make you seem really organized. But if the employee has it in for you, then you may want to do more than that. But it looks like you've already made backups of things that you think may be important. In any case, I would formulate a standard policy for people leaving the firm. So that they have clear expectations on what needs to be done on the IT side of things.
We use Google Apps, and a lot of our people create google docs to share with each other. In the past (not 100% certain if this is currently the case), when we have deleted a former employee's google apps account, their docs (of course) got deleted with it. Whoops!
You have fucking backups right?
What's he going to remove from your access that's critical to you, under that scenario?
Don't bother with all that shit, and if you think he may do something malicious (e.g. send out inappropriate emails, steal the customer database, etc.) then shut him off now and pay him to "work" his last few days out at home.
But putting fileservers on read-only in case he does damage? That just tells me that you have no concept of data resiliency anyway.
If you really are that concerned, then he doesn't leave your office after meeting with you to resign until security is at his desk with a cardboard box for him to fill up and he gets an escort to the front door.
Gardening leave.
No ifs, no buts. Give him his shit in a cardboard box, revoke his pass, get security to escort him out. Pay him to serve out his notice at home.
I've known many people who have tendered resignation letters and are then immediately ostracized by the company, security follows them around everywhere, they're asked to leave the building immediately, etc....
Don't do that. If this person wanted to cause damage, he would do so without announcing his resignation. Take some precautions, but don't treat him like an outsider. He's still an employee during his notice period; treat him like one.
Remember, he's leaving somewhere where he spent a good 1/3rd of his life. Change is not easy, and paranoid asshole-ish behavior makes it 100x as hard. Plus, you want him to be an ally to your company in the future, and not a potential enemy.
There should already be backups in place and security safeguards to keep such an employee -- as much as possible -- from causing harm. Employees leave all the time, planned or unplanned, willingly or not. Certainly you want to make sure all their uncompleted tasks are turned over to someone else, but preparations should have already been in place in case health problems or personal issues cause a sudden departure.
===== Murphy's Law is recursive. =====
Every time I've known I was going to turn in my notice, I end up going through everything and cleaning out any personal stuff and clean up my mailbox before the letter ever gets put in. You never know if you'll be given the opportunity to do that once your notice is in. If there's anything that needs to be saved, it's a good idea to keep a rolling backup of it now on everyone. That way, when someone turns in their notice (whether everything is above board or not), you have everything you need and you're not scrambling to catch it before the employee deletes it.
Anyone in a trusted position like IT in general would be insane to do something stupid and commit career suicide.
I remember leaving one company and I was the one who ended up turning the lights out on my last day.
You can't fix people problems with technology. It Does. Not. Work.
Take backups of his stuff and forget it.
If a savvy employee wants to cause damage and/or steal information he WILL FIND A WAY.
Many workplaces get security to escort you out of the building when you give notice.
You don't change access unless management says so in writing. If you take any action without instruction and screw up (forget to remove access or remove too much) YOU are now in the hotseat.
If there are concerns, the company should revoke access immediately and pay out the notice period.
If there aren't any concerns, why the extra scrutiny now? Any data theft or time bombs have already happened.
Take him out for a beer/whatever and wish him well. Maybe you'll need the contact in the future.
If this guy has a good working relationship and is not leaving because he is disgruntled, why worry about his access until he's left? If he is disgruntled, then cut him off completely and, as another wrote, let him work from home but be available for answering questions.
I never understand how managers let themselves be so unprepared for workers leaving. It should be standard practice that you don't allow people to keep things on their PC that are important to the entire company. Use source control and ding those that don't use it. Use document management software and ding those who don't use it.
I've been fired and I've quit. Every stitch of work I've done for the company has been available to everyone well in advance of my leaving. There's no excuse for anything else. I've always maintained that anyone who needs to guard information isn't worth having as a co-worker.
It isn't like he is going to be productive anyway. Lots of companies do this, nothing personal. Have a nice little staycation on us.
I am very small, utmostly microscopic.
Removing access immediately is important for 2 reasons. The first is obviously security. The 2nd is figuring out what he does & making sure somebody else has that access & knowledge.
If he's still in the office & gets a call or something to fix an issue it will have to get bounced to somebody else. You'll have him available to do knowledge transfer on what he used to have access to do. If he's not in the office, but still getting paid he's still available for knowledge transfer. If he's past his 2 weeks notice, he has 0 obligation to assist you guys or provide any knowledge & training to his former employers.
Whenever I give notice I expect to lose my administrative access pretty much immediately. I've already backed up anything personal. I feel no disrespect when it happens. Seriously? Boo hoo, you are giving me 2 weeks of paid vacation time, cry me a river. It's slightly annoying if I'm still around for those 2 weeks with no privileges to do anything, but I know exactly why they have been removed. Being ostracized is one thing (and not really kosher), but merely having admin credentials revoked should be expected.
As far as a security issue goes, any competent disgruntled sysadmin has already done the damage or set the logic bomb before they have given their notice. Still, better safe than sorry.
When I read the subject line, I assumed the definition of resignation to be:
'the acceptance of something undesirable but inevitable.'
This describes the attitude many users have toward the IT department.
Have gnu, will travel.
Pretty much any company that has to let somebody go (especially if that someone has access to critical files: source code, legal docs, etc)...there is always the "what do we do to protect ourselves in case this guy goes nuts and destroys company property?"
First, only a very dumb person would attempt anything like that since that could have criminal implications. There are files that are worth thousands or millions (or whatever the company says). If our guy found a job somewhere else, he has a vested interest in leaving on the best terms...there is no gain in settling scores with the old-to-be employer at the last minute.
Second, and this is the most important factor, the discussion about mitigating the risk is interesting since it was the person who's leaving who actually put in his notice! This means, he's leaving on his terms, and in the exact time frame he chose. This means, he could've caused all the damage he wanted _before_ resigning, not after all eyes (including the OP's) are on him!!! Of course nothing guarantees the guy wouldn't go nuts and do something stupid in the last minute (see German pilot in the news currently). We just have to keep our fears in check and make sure all parties are respected and be civil about the whole thing. As previous posters mentioned, there should always be a rigorous back-up policy in place so anything that gets deleted by ANYONE can be recovered fully and no interruption occurs in production. It shouldn't matter if a user put in a notice or not. This is why some large companies just don't give access to the C drive for their users...My Documents is on a mapped drive that gets backed up.
Comments like this leave me wondering why anyone should bother giving two weeks notice. Just tell the company at the end of the day, "I'm leaving and not coming back."
In more than a decade - if notice is tolerated, no harm has ever been done; That is, if the higher ups deemed it worth their money to not terminate them on the spot, then there's probably no point in prophylacting their access. I mean log everything to CYA, but people leaving on happy terms aren't likely to set up time-bombs,
Why isn't there already a policy in place which anticipates and addresses your question?
My experience, personal and seeing others - he packs a box of personal things and goes home, making himself available via phone/personal email for the 2 weeks.
You absolutely need him there to transition the job? Again, poor planning - what would you have done if he had gotten hit by a bus?
"National Security is the chief cause of national insecurity." - Celine's First Law
I worked at a place for 7 years as a developer. I gave 2+ weeks notice. I was immediately bolted to another dev and we began the brain drain on getting that person (more senior) up to date on all my systems. I retained full access to all of the systems I had prior. I was removed from all new dev work and was a "reference point" for the remaining developer base for the remainder of my time.
A DBA at the same place left about a year after. He didn't make it back to his desk before he was given his boxes. He was paid to "not work" from home. Part of that was risk aversion, because of his production access and part of it was his everyday attitude.
If you show yourself to be low risk, you will be treated as such. It is in the company's best interest to siphon off as much knowledge as possible, but not at the expense of a disgruntled employee with production access. The comments about "locking file-shares and emails" were silly. If you are doing pre-delivery archiving and server file system level backups, you're doing it wrong.
Suborbital [spaceflight] is the special olympics of spaceflight. - Rei
I've been in my first Systems Admin role for the last year in a small-medium manufacturing company with maybe 100 office workers between two sites. I had to deal with a few amicable departures and a few disgruntled departures. The planned ones are great. Usually, when they give their notice, I go through with them just what we do. Said operate like normal, the day they leave or day before (Up to them) they just turn their laptop in, and see me to make sure email is removed from their personal phones if they have them. I've been nice, usually helping some sort out/save some personal emails or contacts they might have mixed in in the years, same for files/pictures and whatnot. We have currently backups of email, network files so if they decided to delete stuff, we could recover. What I do is usually offload the user's profile files on the local PC to a stash folder we have for admin only access on the network, then we export their PST file out of our exchange folder, store it with that data, then remove it from the system. Then we wipe the laptop, and reuse it, or donate/give it away depending on its age. Emails are forwarded to their supervisor, and supervisor gets access to their network share folder. We had one or two terminations that did not go well since I've been here I was involved with. One had a laptop, one had a BYOD phone with email. Both went well as we were able to limit access as they terminated. However, there have been a few other untimely terminations as of late of users that had accounts, and email, but no BYOD phones or laptops to which IT was not notified by HR or Supervisors/Management. These users could still have logged in via our web-email platform, but didn't. This is a case we're bringing up with management to let IT have timely notice of pending/current terminations to prepare ourselves to make life easier so we don't have to restore from backups.
. ... etc., etc.).
For example. Be transparent with any equipment lists that document what equipment is in the employee's possession. Share the list at least yearly with the employee so there are no surprises (and the resulting badness) if an employee leaves. There is little else that generates ill feelings than an out of date equipment list for an employee (what do you mean I have to turn in that laptop? I turned it in two years ago. What!?!?! You want me to pay for it?)
Provide a great work environment so employees don't want to leave.
Look at what you think concerns you when an employee leaves, and then think about what you should do while the person is an active employee to prevent your concerns from occurring.
Don't solve the problem after it occurs, prevent it from occurring.
You have data backups & resiliency in place as a matter of policy, right?
What's policy (probably HR's responsibility) for this scenario? That's what you do: follow policy, nothing more, nothing less. If there's no policy or procedure, then you do exactly that: nothing.
Don't improvise. This is an HR issue. You have NO idea what legal or other policy minefields you're stepping into. There are only downsides for you.
If management trusts the person, and he is leaving on good terms, then you don't need to do anything unless directed to do so.
You could make sure you have plenty of backups. But you should already have them.
I'll see your senator, and I'll raise you two judges.
Shake their hand, tell them (truthfully!) that they will be missed, their work has been valued, you will give them a good reference and pay out their last 2 weeks no problems.
Then IMMEDIATELY close all their access and politely escort them out the door.
It's the only way to be certain and address all risks: It's easier to justify the cost of 2 weeks salary than it is to deal with any fallout from problems. This is the way it's done in large enterprises where they have done risk assessments and looked at their own history of related problems.
Sometimes the "writing on the wall" is blood spatter...
Why are you suddenly panicking and treating him like an asshole now he has announced his resignation?
If he had ever had the intention to Do Bad Things(tm) why don't you think he also had the smarts to plan ahead and do it the day before he quit?
And also.. backing up his email in case he deletes his inbox/sentbox? Are you serious? Why don't you require that this should be deleted when he leaves? Most people do that on leaving just for their own personal security purposes. In fact many companies specifically require existing employees to explicitly not keep emails beyond some period. His email may well legitimately include personal stuff such as from HR that he should reasonably expect to be kept private, i.e not archived potentially permanently for perusal by IT staff anytime later.
So you made a backup of his mailbox, NOW as he is leaving?
I hope you make backups of your source control system more often ...
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
some companies have policies for how this is dealt with. i guess if you know and trust the guy, you could have him stay and wrap things up. when i say "know", i mean that you will continue to see him in some fashion (friend, relation, etc.) after he leaves the company. otherwise, i would, at the very maximum, have him stay around just long enough to hand off all of his tasks. Then he can go through the exit process and take the rest of the time off. depending on the situation, you could get more draconian than this.
In "The Firm", partners who wanted to leave were talked into staying a couple extra months to get their projects in order. Then, they invariably died under mysterious circumstances, but were immortalized by their portraits hung in the lobby, with a moving eulogy delivered by the managing director.
Everywhere that I have worked have instantly suspended status (put on leave) and put them in 'Exit Interview mode' and sent them home.
Accounts were immediately disabled and laptops and company issued phones confiscated and forensically backed up (no power to the operating system).
Regardless of the future employer being a competitor or not, they could never afford the "risk" that Investors would sue for Negligence in exposing proprietary Information. Even a trivial press release referring to an Exiting employee's remarks with privileged access to company data was just 'Too Darn Expensive'
Switching them from 2 Week to 2 Day made the HR implications far less daunting.
They left the "official line" 2 Weeks (except for IT help) it was always in the contract language they could reduce the proffered exit time notice by any employee.. they still got paid.. they were just put into "risk management mode".
It's not being an A.hole.. it's called covering your bases.
Perhaps I'm the exception, but I haven't experienced this "I'm going to f#$k off for the last two weeks before I move to a different job" scenario presented here as "the norm".
Pretty much every place I've worked in IT (except one...) I literally worked until about the middle of the last day, whereupon my boss and co-workers would take me to lunch and drinks, etc;
Here is a really bad example:
I was the only IT person at a smallish company(~50 employees) that had three sites, with a NetWare 5 server at each location. One of the three Netware servers went down, forcing me to drive to the other site and troubleshoot the server while my going away party was in progress(thank God for backups!). I returned heroically to the party after it was over and all that was left were the leftovers...
We play the game with the bravery of being out of range
Are you telling me that just because someone put in his 2 weeks notice he's higher risk to destroy stuff? I think the whole premise of this question is wrong.
We use rsync.net with 7 daily, 4 weekly and 7 monthly snapshots. Everything is included, especially email.
Anything missing off his computer compared to what's in rsync would be highly incriminating. The practical effect is nothing can be deleted.
If you are that worried about someone you work with there's probably more to the story. If the actions of a single user become your responsibility for not "protecting the company" that's a pretty good indication of a workplace with a general lack of trust. Find someplace else to work.
It's worth pointing out that you can't know that this isn't a "disgruntled employee scenario" unless you have learned to read minds. They wouldn't be leaving if they were 100% happy.
If he's smart and malicious, you're already screwed before he ever told you he's leaving.
If he's not smart, you have little to fear, but may get a good laugh out of it.
So, having him delete his personal files (for reasons of courtesy and legal liability) and then backup his work. Part as friends and professionals.
...then you're just going to be buttfucked by the ones who get up to mischief before they resign. You should have the ability built-in to recover from whatever they do, whenever they do it, because the worst damage is done by the insider you never suspect.
I'm generally in favor of the idea that once someone submits a resignation, you might as well just tell them they don't need to come in. They can't get anything meaningful done in two weeks anyway and if you "need" them to explain what they do/project status/etc, then you're doing it wrong anyway and you won't find two weeks nearly enough time to get caught up.
Plus, what kind of leverage do you hold over someone who quit and has a job, anyway? Short of criminal behavior, you've got none. I've known a couple of managers at companies I worked at who were total assholes to employees who left, demanding extra work, tons of documentation, etc. It baffled me why the employees put up with it and knowing one manager in particular, I'm sure her employees hated her anyway and fucked up the work she made them do anyway. I know I heard rumors of shredded original billing materials and other documentation.
If you're desperate for a resignee's information and talents, the best choice is to offer them a consultancy contract for real money. I think this gets people's respect, real quick. It shows you actually value their knowledge and skills (versus some bullshit words) and it buys you some leverage, since no work == no pay. But it has to be real money and guaranteed, "we might want you back for something later..." is no more believable than "let's have sex tomorrow instead." Tomorrow never comes.
The notion that there is some kind of Gentleman's Rules surrounding employment is over. Everyone knows they can be axed at the drop of a hat and most people feel no loyalty to their employer (or shouldn't, anyway) and could walk tomorrow. You have to be prepared now, not when they leave.
Which best practices do you follow that will prevent a resigning user from causing any damage (deliberately or not) in these last days of employment before his account is disabled?
Trust?
First off, backups are the solution to this - don't let important things be stored locally. (Not that it matters, the new hires always like to reinvent the wheel.)
However, a bunch of things need to be solved from an HR perspective. You need to make a checklist for HR on how to handle IT things. (Things like, "Get the PIN code to their iPhone" or "Make sure social media accounts have documented passwords" that'll make your life easier.) Basically you have 6 different situations:
I remember working with a telecom guy who installed a campus wide fiber network. When he was terminated I was slightly concerned he was going to take a pair of boltcutters to a fiber ped.
----- obSig
People start and leave jobs for a variety of reasons. Maybe their spouse got a giant promotion but had to move. Maybe their parents are ailing and they are moving closer to take care of them. Maybe they just want to do something new, or change careers. There's a multitude of perfectly rational and otherwise sane reasons people change jobs.
Why are you even considering treating them like an asshole? If they have given their notice, they should be finishing things up. If there's a project they are working on that will not be completed, they should be working with who is going to take it over to transfer the knowledge. They should likely document anything they did that wasn't documented. So on and so forth. Maybe you go out of a good bye lunch or get a cake to wish them well in their new endeavor. But why treat them like an asshole? Who knows, maybe your firm will start going the wrong way and they will get you on at the new place.
Once they are gone, then you should have a procedure to deactivate the account, delete files, shut off email, have inbound mail forwarded to their old manager, etc.
If you DO think they are going to do stupid things, then they should have been fired a long time ago. But if they are just leaving with proper notice, you likely don't need to do anything special.
Day 0 (day of notice)...
Have the backup admin restore snapshots of the following (in a new base directory) -- oldest available backup, recent backup and today's data:
Home directory
User's computer
User's email/cal
Store these for at least 1 year, either online or in a long term backup pool. If allowed by corporate retention policies, disable the auto falloff of backup pools for each service/system that the employee had administrative access for until you are comfortable no deletions or breakage has happened. Usually I recommend extending backup pools to go for 6+ months over the normal pool retention.
Image this user's desktop/laptop if backups do not exist and store as above.
Collect coworkers and notify them of the employee leaving. Ask the coworkers to come up with a list of any elements where they feel the user was a "lone gunman" -- where he/she was doing tasks that are not well documented. If your policies are good, there should be very few of these as the documentation/peering should have very few gaps.
For each of these documentation or task gaps, assign employees blocks of time over the next two weeks to gain any information that may be needed to continue these tasks. Front load these meetings in smaller timeblocks in the two week period; this allows gotchas to expose quickly and gives you more time to reevaluate any priorities while you still have time.
Limit access (or not) for this user based on HR policy and risk assessment. Depending on the policy and risk assessment the user may spend the next two weeks as an informative voice with no access to any computers or services.
Direct this user that any new requests that come in must be "peer handled" where the assigned replacement user handles the tasks and pulls this user into it for any help. The assigned peers should from this day take on any daily or user initiated requests that this employee would have normally handled. This also helps expose any gaps in documentation.
Review the user's email for the last few weeks or months and note any direct requests that have come in -- this will help expose repeating tasks that business units may have been asking of this user that will need to be backfilled/documented. It also serves to help you redirect these users into the defined intakes if there are any.
Review VPN/access logs and note all IP source addresses of connections for this user. This step gives you some baseline (non complete) for future audits to help connect access attempts to this user.
Have the mail administrator (if this user's risk is low enough to retain mail access) configure this user's mail to copy incoming and outgoing mail to a peer (that is responsible for peering incoming requests).
On day of exit.
All close action coworkers should be required to change passwords across the board; it is not unusual for IT employees to have access to passwords over time because of many reasons. Depending on risk/role of employee consider requiring a larger subset (or even all) employees to change passwords on this day.
Store this user's laptop/desktop as is for an extended period of time. If applicable and not a normal exit procedure, image these devices and store alongside the other data for this user.
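The VPN/access-log baseline step from the Day 0 list above, as an added example that is not part of the original comment: it records the source IPs the departing account used before the exit date, then flags later events that use the departed account or reuse a baseline IP under another account. The log format, user names, addresses and exit date are constructed for illustration; adjust the pattern to your own gateway's output.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample log in an assumed key=value format (not from the page).
SAMPLE_LOG = """\
2015-03-02T08:01:11Z vpn-gw1 user=jdoe src=203.0.113.7 result=success
2015-03-09T21:40:52Z vpn-gw1 user=jdoe src=198.51.100.23 result=success
2015-03-16T08:03:45Z vpn-gw1 user=jdoe src=203.0.113.7 result=success
2015-03-17T09:12:00Z vpn-gw1 user=asmith src=192.0.2.44 result=success
this line is corrupt and must be skipped
2015-04-06T02:14:09Z vpn-gw1 user=jdoe src=203.0.113.7 result=failure
2015-04-07T02:20:31Z vpn-gw1 user=svc-backup src=198.51.100.23 result=success
2015-04-07T09:00:00Z vpn-gw1 user=asmith src=192.0.2.44 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)"
    r"\s+result=(?P<result>\S+)$"
)


def parse_events(text):
    """Yield (timestamp, user, ip, result); skip lines that do not parse."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            ip = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # bad timestamp or address: treat as unusable
        yield ts.replace(tzinfo=timezone.utc), m["user"], ip, m["result"]


def build_baseline(events, user, exit_time):
    """Map each source IP the user connected from before exit_time to
    first/last seen timestamps and a connection count."""
    baseline = {}
    for ts, who, ip, _ in events:
        if who != user or ts >= exit_time:
            continue
        entry = baseline.setdefault(ip, {"first": ts, "last": ts, "count": 0})
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["count"] += 1
    return baseline


def audit_after_exit(events, baseline, user, exit_time):
    """Return events at or after exit_time that either use the departed
    account or come from a baseline IP under a different account.
    A baseline-IP match is a lead to investigate, not proof: the address
    may be shared (NAT, ISP reassignment), and the baseline is incomplete."""
    findings = []
    for ts, who, ip, result in events:
        if ts < exit_time:
            continue
        if who == user:
            findings.append((ts, who, str(ip), result, "departed account used"))
        elif ip in baseline:
            findings.append((ts, who, str(ip), result, "baseline IP, other account"))
    return findings


def run_sample():
    """Run baseline and audit over the constructed sample log."""
    exit_time = datetime(2015, 3, 20, 17, 0, tzinfo=timezone.utc)  # constructed
    events = list(parse_events(SAMPLE_LOG))
    baseline = build_baseline(events, "jdoe", exit_time)
    return baseline, audit_after_exit(events, baseline, "jdoe", exit_time)


if __name__ == "__main__":
    baseline, findings = run_sample()
    for ip, info in sorted(baseline.items()):
        print(f"baseline {ip}: {info['count']} connection(s), last {info['last']}")
    for finding in findings:
        print("review:", *finding)
```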
Is it really your job to make these decisions, or are you taking it on yourself without any authorization or direction?
If you trust him, work through his last days as usual, just switch him to hand-over tasks instead of new work.
If you don't trust him, walk him out now and revoke all access.
1) Make sure access is reduced as much as possible. Immediately pull remote access.
2) Make sure the person documents things and walks through the docs with others to show them how things work.
3) If the person is mostly caught up let them slack, e.g. come in late and go home early. If remote access is pulled then there will be less time for any shenanigans to occur. "Beach time" is an extreme example of this, i.e. an effective 2 paid weeks vacation. But I like to have the person around in case anyone needs their help during the transition.
4) Archive the person's files on any public servers. Let the person clean things up. If you find anything personal inform the person and let them clean it up.
5) Organize a 'fare thee well' lunch and/or take them to the local pub after work and buy a round or two. It can help smooth over any personal conflicts.
There are other posts with similar good advice. But one thing no one mentioned is that by restricting security you are also protecting the person who has resigned. It is conceivable that someone else on your team can do something nasty and then pin it on the employee who just left. No one else seemed to realize that.
putting the 'B' in LGBTQ+
Ask him if he'd be willing to take some consultant work on the side, or maybe throw him a good goodbye party. Simple things mean a lot.
excitingthingstodo.blogspot.com
I bring this up any time someone is leaving, and even when I have left places. You should review all access, change all passwords he may have had, revoke all access that he had.....and you do this....as much for his benefit as for yours.
He is leaving, he is naturally the person who is going to be blamed, either directly (he did it) or indirectly (Oh he used to do that, and he's gone now....). That's normal, and some amount of it is fine. However, you owe it to yourself AND to him to be sure there is no question that, if there is an incident, there is no reason to suspect him.
Nobody wants to be in the situation where there was a compromise after an employee left, and now there are questions. If there is an incident there will be questions either way, but the only person who benefits from his still having access is the attacker whose actions are the problem.
I felt better knowing my access has been fully revoked and there was little chance of there being questions later.
"I opened my eyes, and everything went dark again"
Honestly the bigger worry isn't malfeasance it's the things he might try to fix before leaving. I've seen more things horribly broken by the trying to finish what they were in the middle of. Or that last couple of things they always meant to fix...
It doesn't matter how they fire me. (Getting called into HR and the next thing I'm pushed out of the building holding a box with personal things on my desk; IT already cancelled all my accounts)
I might disagree with the company but I wouldn't damage it.
That's step 1. Get your employees to actually like the company.
What I described is one of the worst scenarios of getting fired. What normally happens in a functional company is that we talk things over. X can do my tasks and I'll need Y time to train him/her.
What I'm trying to explain is what you are thinking of should be a 1% case, in 99% other cases people talk it out. If those percentages differ you should look at how the culture in company is.
It's the only way to be sure.
IBM is famous for this. The moment you give notice your security badge is revoked and you are marched out of the building to enjoy your paid vacation for however long your notice was.
-73, de n1ywb
www.n1ywb.com
Either you trust the person or you don't. If you do, tell them to use the last two weeks to resolve any unfinished business and make sure the people left behind have the appropriate information to take over. The person doing the work that needs to be transferred knows better than anyone what needs to be done. If you don't trust them, just have security escort them out immediately.
As I think it is now all too clear, the most important step is to have clear HR policies in place (reviewed by corporate counsel) before you have to ask the question. It should not be up to the individual to make up rules (that may be inconsistent from manager to manager), because that way leads to foreseeable failure scenarios.
Legal/HR is likely to say that in order to protect the company, revoke all access immediately, and escort to the door after taking any access tokens (keys/cards), and have every admin account (that s/he might have had access to) change their password immediately. And notify all (relevant) parties that this individual no longer works for the company, and should be treated as just another guest/visitor. This goes for both employees choosing to leave, or termination. Note that this also protects the employee. If something (IT related) happens after the notification, it was not the employee's doing, and there can be limited finger pointing.
And, most importantly, make sure those policies are well known (and how it protects the person leaving) so that there are no surprises, nor recriminations. It is just "business as usual".
I worked for a large company (thousands of employees) and was laid off with almost twenty others on my team because we had basically completed the project that we had been working on for some years. We were given notice that it would be happening a month in advance, some of us were asked to stay on longer (with pay of course) for knowledge transfer purposes. They had meetings going over all the expectations, all the necessary paperwork, tax implications, etc.
It was all very civilized, nobody got booted out. People finished up their immediate work and gave training sessions to the people that were going to be staying on to maintain the project. Everything went smoothly.
That is not at all what the person stated. If the company gives you a car for sales calls and you get busted getting a prostitute (again?) after hours the company has the right to know. Further they can be held liable for all kinds of nice damages since you used their car to get the prostitute. Impound fees you may no longer be able to afford, STD tests because the prostitute accused you of being dirty, pregnancy test for the prostitute, HIV testing if you got saliva on a cop, etc...
Some people have this notion somehow that digital devices are different somehow, but in reality they are not. Your computer and network is yours. A company can't go through your stuff as they wish, and you as an employee can do whatever you want on your computer and network. Using a Company network gives the company the right to snoop the traffic and see what you are doing. Using a Company device gives them the ability to know what you do on that device (PC, Tablet, Phone, etc.). Liability is an essential concept here.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Change passwords in as many places as applicable. Things may be amicable right now -- circumstances change, the employee may become disgruntled later. Or someone may try to use social engineering and/or impersonate that person.
Even if the only way into the innards of your operation is through a VPN connection they will no longer have access to, you should still change passwords on essential accounts -- those that would cause you the most harm if they became inaccessible or broken. Ditto for any public spaces that are not controlled by Corporate IT -- GitHub, company Facebook page, whatever. The higher up the ladder this person is, the larger the list of places you should be making sure are inaccessible after they leave.
The routine of changing passwords on this scale should be one that is well documented and regularly performed regardless of human turn-over.
Have EVDO, will travel.
I would ratchet up all audit logging possible relating to his accounts. That way, if he does something malicious or anti-competitive (eg download sales and client data) you have an audit trail.
If you don't trust him or otherwise feel justified in being overtly paranoid thank him for the offer and escort him out otherwise there is nothing for you to do other than your job.
I completely misconstrued the title of this post. I interpreted it to refer to IT end-users who are resigned to interminable frustration and poor service. That speaks volumes about the business. How depressing.
There's the weird perception that 99.9% of the world are creepy, scammy, bastards. No they aren't! Twice-nightly soap operas condition you to the idea that if someone steps on your toe then WW3 breaks-out. Of course not. Treat people with respect and get them on your side. (Of course if you're a vame[sic] 1P-shooter nerd then this won't make sense to you but everybody is born with social skills even if various media suck it out of them.)
I use rsync.net to back up everything. emails daily work whutevah I know what you've deleted or changed. U can run but u can't hide.
7 daily snapshots, 4 weekly, 12 monthly, 3 yearly. Delete something anything, I can retrieve it in minutes. I can tell what you deleted, and from there come up with motive. I have a minute by minute log of what everyone is doing with files. Trust doesn't even come into it.
Do the honorable thing and have him use his two weeks notice to train his replacement. His trustworthiness or lack of it doesn't even matter anymore. If he's a good guy you have someone you'd hire back in a minute. If not you've got the evidence trail for the prosecutor. We call that win-win.
And if you do discover that you have inadvertently hired a douchebag, fire them already.
As a consultant, I have privs to do all kinds of damage in all sorts of places to not only my company, but any number of companies I'm doing work for or have done work for in the past.
First off, I'm not a dick; even if I were leaving because the company had shafted me horrifically, rather than, as it sounds like here, because I hypothetically just found some other opportunity that suited me more... even then, even if I felt like being vindictive (unlikely), I'd still restrict any harm I thought I could get away with causing, to those people who actually deserved it, not indiscriminately start screwing things up in a way that would harm all kinds of other people who had nothing to do with whatever hypothetical thing I'm imagining the company had done. Anyone who you imagine might start deleting crap out of random databases or whatever, you should can the guy right now, cause what's stopping him from doing that *now* over some slight, real or imagined?
But secondly and far more importantly, if I were that sort of person, and I was disgruntled, do you think I'd tell you and give you a chance to lock me out? That'd be pretty stupid. If I were disgruntled and wanted to cause harm and then quit, I would obviously do it *in that order*. cause I mean... duh?
We usually find out someone has left or been terminated well after the fact because of "privacy laws." And though I'm Pollyanna-ishly glad that we haven't had a detectable data loss or breach yet, "yet" is the operative word here. I've warned, pleaded with and threatened HR and management to no avail.
"All you have to do is tell me to backup user data or disable access. I don't need to know anything else. But I do need to know that. Or I can give HR access to user objects and application permissions extensions and they can disable..." I say. So far it has gone nowhere.
And we all know how management loves to hear "I told you so!" ...When the inevitable does occur.
Makes me wonder in awe at how much nefarious disaster in the world is averted because a normal user is also a somewhat moral creature and how much is just due to not knowing how much damage they could inflict.
I'm not sure what country you are in, but where I live making an email backup for the reasons you made it for would almost certainly be illegal under privacy law.
More in general, your systems and procedures should be designed to be able to deal with hardware failures and other unforeseen problems. You probably have backups, audit trails and access rights etc. where it matters. Therefore I don't think there's anything you should do at all as long as the paperwork that allows him access is still valid, which it is. He's still just a normal employee. There's no reason whatsoever to all of a sudden start treating him like an asshole.
0x or or snor perron?!
Without physical access control, setting folders to read only and stuff is mostly security theater. Either trust the guy or kick him to the curb.
Good time to review where and how data is stored. In any business, big or small, no valuable company data should be stored on a personal computer. All systems should have security systems in place to stop tampering with data from both internal and external sources, etc.
I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day.
Most folks aren't going to be engaged in destructive behavior when they leave, especially if moving to a new job. Therefore marking folders 'read-only' shouldn't be the pertinent thing. The greater danger is that they steal information, not that they destroy or corrupt information, which should be backed up anyway. And if they were going to, they probably had all the time they needed already. Why would they engage in the suspicious activity AFTER giving notice, given that they may be able to reasonably expect being released on the spot (for security reasons)? If someone wanted to be naughty... wouldn't it make more sense to do the naughty things, and then turn in their notice after they had been doing the naughty thing for 6 months in small bite-size pieces unlikely to be noticed, or explainable away in any one instance?
I refer you to IT separation duties:
Perhaps not the best idea.... unless these are permissions he wouldn't notice going away.
I would firmly suggest instead: audit all activity.
You do have file access auditing on your file server, and capture of audit logs to a safe location, right?
You might adjust the auditing parameters for the user to audit all activity, even when normally not all is audited.
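A sketch of what reviewing that audit trail can look like, as an added example that is not part of the comment above: it compares a user's file reads after giving notice with the same user's earlier baseline. The one-line-per-event log format, the user names, the paths and the thresholds are all assumptions made for the illustration.

```python
import statistics
from collections import defaultdict
from datetime import date


def parse(lines):
    """Yield (day, user, action, path) from 'YYYY-MM-DD user ACTION path' lines."""
    for line in lines:
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the review
        try:
            day = date.fromisoformat(parts[0])
        except ValueError:
            continue
        yield day, parts[1], parts[2].upper(), parts[3].strip()


def review(lines, user, notice_day, factor=3.0, floor=5):
    """Compare a user's reads after giving notice with their own earlier baseline."""
    per_day = defaultdict(set)  # day -> distinct paths read that day
    for day, who, action, path in parse(lines):
        if who == user and action == "READ":
            per_day[day].add(path)
    before = {d: p for d, p in per_day.items() if d < notice_day}
    after = {d: p for d, p in per_day.items() if d >= notice_day}
    baseline = statistics.median(len(p) for p in before.values()) if before else 0
    threshold = max(floor, factor * baseline)  # assumed rule: 3x the usual day, at least 5
    known = set().union(*before.values())
    touched = set().union(*after.values())
    return {
        "baseline": baseline,
        "threshold": threshold,
        # Days in the notice period with far more distinct files than usual.
        "flagged_days": sorted(d for d, p in after.items() if len(p) > threshold),
        # Files first opened only after notice was given, even in small daily amounts.
        "never_read_before": sorted(touched - known),
    }


def sample_log():
    """Constructed audit lines; every user name and path here is made up."""
    alpha = [f"/projects/alpha/f{i}" for i in range(6)]
    clients = [f"/sales/clients/c{i}.xlsx" for i in range(12)]
    reads = {
        "2015-01-05": alpha[0:2],
        "2015-01-06": alpha[0:3],
        "2015-01-07": alpha[1:5] + alpha[1:2],  # a repeated read counts once
        "2015-01-12": alpha[0:2],               # notice given on this day
        "2015-01-13": alpha[2:4] + alpha[5:6],
        "2015-01-14": clients,
    }
    lines = [f"{day} jdoe READ {path}" for day, paths in reads.items() for path in paths]
    lines += ["2015-01-14 asmith READ /sales/clients/c0.xlsx", "corrupted line"]
    return lines


if __name__ == "__main__":
    print(review(sample_log(), "jdoe", date(2015, 1, 12)))
```

The per-day threshold catches a bulk copy; the `never_read_before` list is what surfaces slow collection that stays under any daily limit.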
Seriously.
This option exposes the company to the least amount of possible damage the user could do.
Lock all his accounts down.
Obtain password lists to any external (but still company) resources this person may have had.
Hand him his check.
Thank him for his work.
Watch him clean out his desk.
Escort him out on his 2 week vacation.
People think it's rude and heartless.
I've seen people leave companies on ostensibly "friendly" terms, only to come back and find that said "friend" fucked them over, deleted a bunch of stuff, stole things, etc.
So, give the outgoing employee your respect, but DON'T continue to give them access to company resources.
The amount of money lost in "productivity" is inconsequential compared to the time and money that could be lost by someone cleaning you out.
And sure, it's never happened to YOU...until it happens to you.
Chas - The one, the only.
THANK GOD!!!
It may be better for the employee too. After all, if I were working out my last couple of weeks I'd be paranoid about making some critical mistake and screwing something up. I'm careful anyway, but things can go wrong and if they do at a time when people are suspicious anyway then there'll be a lawsuit.
Nullius in verba
My first job out of college was a small manufacturing company with about 30 in the front office. A new CEO came on for "new direction" crap blah blah. Anyhow the VP of Sales quit. It was on good terms but he'd had enough of the new direction. Owner, president, HR, everyone liked the guy. I was notified first thing AM by HR & CEO, and I asked them if I needed to lock him out of systems and email. They both said "no no we're going to give him a few hours to clean up." He brought contacts, and he deleted them and all emails from Outlook and wiped his company iPhone. I get back from lunch at 1:00 to the CEO screaming at me for letting him wipe the phone. I said, umm I asked you and you told me to give him a few hours, and his reply was obviously "you shouldn't have listened to me, you're the expert!" Moral of the story - even if the higher ups say don't worry about it, worry about it (assuming you could be blamed).
If you don't have a company policy in place to cover employee turnover, your first job is to wander into the right boss's office with a draft of one and have a really deep conversation with him. X amount of the company's IP has wandered out thru the door with every churned employee and the legal ramifications are scary. Don't make up a process on the fly, use this to go get a policy set up.
I was once put in the spot of having the new boss essentially ask me to hack the old boss's laptop hard drives and network shares after he retired. I didn't have issue with giving him the company stuff under normal protection, but a Thunderbird full of personal emails? His Palm Pilot Desktop of personal memos and passwords and such? Backups of pictures and contacts off his phone? And the thing that really gave me pause, password locked directories and files marked 'Personal' (turned out to be personal salary information and retirement finance stuff). Nothing illegitimate, just the ordinary stuff a guy with a smartphone and a laptop lets accumulate every time he docks for a charge, trusting his passwords won't be overridden.
I had the brains to go to the Ethics Office, and at their direction, determine the nature of the files and let an HR type guide me in the legal aspects of eliminating all Personally Identifiable Information. Turns out we had a policy, but it was pretty vague, out of date, and didn't take into account recent legislation. I could have been giving my new boss all my old boss's salary and retirement stuff, plus his picture, social security number, address, credit card and bank account number and passwords, security questions and answers, mom's maiden name, anything you could want. Not to say my new boss would use such stuff, but by not knowing he had it, he might leave it where it could be found, etc. I was further informed that by overriding his password lockouts and making the information generally available, I could be exposing myself and my company to civil litigation risk. Lots of stuff about "due diligence" and "willful acts".
If you have not already been trained, start writing the training. Turns out my new boss was pretty cool about the whole thing, once he found out what he might have gotten drawn into...
After about 4 years at a government department I resigned and worked at various other places for 6 years; I heard they were hiring again, quick call, they hired me again on the spot. First day there, found my account was still active (just needed to get the password reset) and all my old email and files were still there. I was productive from the first day. I left again a few years later. I suspect my account and files are still there awaiting my return :)
I don't do anything before they leave. I wait for the HR system to separate their appointment, then automatically disable the account. 30 days later it and the email get deleted automatically.
Once I get the notice that the account was disabled, I work my checklist. First I save 60 days of log details about USB activity and computer logon history. I will check the file retention system we have in place to see what was deleted in their homefolder. If I see a lot, I will also check the department folder. Only once have I had to restore files back to their home folder. Most users know we are good about backups, they like us, and know it would only cause us work.
All user data is on the network. My Documents and the desktop are redirected to the homefolder. Users are coached to use those default locations. User workstations are also backed up, but not as religiously as the userdata on the network.
Departments can request access to email within that 30 days but they are disabled. Homefolders are handled on a case by case. I usually review for personal items before providing a copy to the department. Once a year, I archive abandoned homefolders. I could delete them now that we have a file retention system in place but I don't.
Policy is that they don't get to take files with them. So my department will not assist with that. If I see HIPAA data in the USB activity, I alert the HIPAA security officer and let him deal with it. If I see the file copy activity on my performance monitor dashboards, I will then remote connect to the system and inspect the USB device (powershell remoting, not RDP). Then I will go up to that user and have the talk about what is not OK and probably is OK for them to take. If their copy activity shows up on my dashboard it is because they are copying their entire home folder and they probably need to sort through it first.
Is some of this overkill? Yes, yes it is. This is the result of a lot of "Why not, we have the technology?" conversations.
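The lifecycle described in the comment above (HR separation, automatic disable, deletion 30 days later, 60 days of logs preserved) can be expressed as a reconciliation between the HR feed and the directory. This is an added example, not the commenter's tooling; the data shapes, action names and sample users are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DELETE_AFTER_DAYS = 30  # comment above: account and email deleted 30 days after disable
LOG_WINDOW_DAYS = 60    # comment above: 60 days of USB and logon history preserved


@dataclass
class Account:
    user: str
    enabled: bool
    disabled_on: Optional[date] = None


def plan_offboarding(separations, accounts, today):
    """Return (user, action, detail) tuples for every separated user.

    separations: {user: separation date} from the HR feed (hypothetical shape).
    accounts:    {user: Account} as read from the directory (hypothetical shape).
    """
    plan = []
    for user in sorted(separations):
        sep = separations[user]
        acct = accounts.get(user)
        if acct is None or sep > today:
            continue  # already deleted, or still employed: nothing happens before they leave
        if acct.enabled:
            # Separation is effective but the account still works. Disable it and
            # preserve the activity logs before they age out of retention.
            overdue = (today - sep).days
            plan.append((user, "disable", f"{overdue} day(s) past separation"))
            start = today - timedelta(days=LOG_WINDOW_DAYS)
            plan.append((user, "export_logs", f"{start}..{today}"))
            continue
        disabled = acct.disabled_on or sep  # fall back if the directory lost the date
        due = disabled + timedelta(days=DELETE_AFTER_DAYS)
        if today >= due:
            plan.append((user, "delete", f"due since {due}"))
        else:
            plan.append((user, "hold", f"mailbox requests open until {due}"))
    return plan


def demo():
    """Constructed sample data; all users and dates are made up."""
    today = date(2015, 1, 30)
    separations = {
        "alice": date(2015, 1, 30),  # leaves today
        "bob": date(2014, 12, 20),   # disabled more than 30 days ago
        "carol": date(2015, 1, 15),  # disabled, still inside the 30-day window
        "dave": date(2015, 2, 13),   # gave notice, still employed
        "erin": date(2009, 3, 1),    # left years ago, account never disabled
    }
    accounts = {
        "alice": Account("alice", True),
        "bob": Account("bob", False, date(2014, 12, 20)),
        "carol": Account("carol", False, date(2015, 1, 15)),
        "dave": Account("dave", True),
        "erin": Account("erin", True),
    }
    return plan_offboarding(separations, accounts, today)


if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

Running the same reconciliation on a schedule, not only when a notice arrives, is what catches an account like `erin`, which stayed enabled long after the separation date.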
To anyone who has ever had anything to do with industrial strength desktop support, that post is a giant neon sign that you haven't got a clue.
The AC (not me) is giving solid advice on the subject at hand - for free - when know-it-alls such as yourself empty their bile on them, it discourages that educational charity.
Disclaimer: Degree qualified computer scientist working as C/C++ software engineer for the last 25yrs.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Man, I am surprised at the level of knee jerk reactions when someone who was on good terms submits his two weeks notice. I guess you guys forgot that people can flip a shit, decide they are done at any given point, wreak havoc, and then quit? If you are so paranoid that this non-troublemaking employee might do something during his last two weeks, you should maybe make your fileserver ro for the entire org and take backup every 30 minutes or so, "just in case" someone flips a shit.
This is something YOU should take up with management, the company auditor, and company legal counsel to establish a policy and procedure for these things. The resources you had placed to "read-only", do you know if there is a documented policy/procedure regarding terminations? If so, do your actions fall under those guidelines? If not, do you understand what negative exposure you may be causing as a result of not following such a procedure, much less having one in place? It's great that you're looking for some FREE help, but this is something for your company to decide, and document. Thanks, my 2c
This is lame. I agree with the previous statements, let HR/legal determine his access rights at this point. Going back to the comment about FREE advice, my suggestion: engage your legal and HR department and create a termination procedure.
Where's my 2 weeks when I get laid off or fired?
I'm familiar with rsync. Hopefully he regularly cleans out his email after being made aware of your backup policy for email accounts.
If you ignore ACs because they are anonymous - you're an idiot.
Companies in the US no longer DESERVE 2 weeks notice. The rules are no longer valid; they won't give YOU notice. Don't give them any courtesy they won't give you.
Fact is, while I sure don't have personal relationships with companies, they are full of people that a) I have a working history with, b) can be references for future employment and c) may hire me again (or I may seek to hire them). It's not for the company that you give 2 weeks, it's for your coworkers. And you can, theoretically, just notice the folks who will be impacted by your departure and not your employer, but that's not really workable.
Pretending like you walking out on your coworkers is anything but antisocial is naive. Sure, some coworkers and managers are not going to care because your bridges are already burned, but personally, I've found most of my jobs through people I know and I've helped quite a few folks I know get gigs through connections.
In fact, I really prefer, when I depart, to try to find a replacement for myself - usually someone I know is looking for a gig, and my former employer is glad to get a recommendation from someone they trust.
Make sure everyone's vote counts: Verified Voting
....have him give detailed status of his work and then end his active employment. Cancel all his access and tell him to have a great extra paid vacation. If this concern is a recurring one find out why people quit. Although unattainable seek a turnover rate of 0.