Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Dealing With User Resignation From an IT Perspective?

Posted by timothy on from the here-is-your-read-only-cardboard-box dept.

New submitter recaptcha writes Today one of my fellow workers has announced he has found another job and will be leaving our company in two weeks' time. This is all above board and there is no disgruntled employee scenario here; he is simply working through his notice period and finishing up some jobs. I have already set some fileserver folders to Read-Only for him and taken a backup of his mailbox in case he empties it on the last day. Which best practices do you follow that will prevent a resigning user from causing any damage (deliberately or not) in these last days of employment before his account is disabled?

22 of 279 comments (clear)

  1. Delete stuff. by SuricouRaven · · Score: 4, Informative

    Get him to delete anything personal, because chances are his co-workers are going to be asking for access to his files and emails so they can continue whatever work he was in the middle of.

    1. Re:Delete stuff. by dale.furno · · Score: 4, Funny

      Its working well for secretary clinton

    2. Re:Delete stuff. by Em+Adespoton · · Score: 4, Insightful

      And beyond this... if it's on the company computer, it's on the company's time, and is the company's business. A lot of people forget this and use company systems for personal stuff, but it's still company data, and has been proven to be so in court.

      So yeah; back up everything now, and then provide a sanitized version for others to look through as need arises.

      The truth is, even if there's something critical in the backup, it's likely that nobody will ever know its there and so have reason to go looking for it. But CYA is always important for IT.

  2. Why not let him know what to do by misosoup7 · · Score: 4, Insightful

    If he is not a disgruntled worker just work with him to set up expectations from the IT side of things. Do you expect him to turn his computer in? When? Should he delete files off? Yes/No? I think most people would be happy to work though an exit checklist and it would make you seem really organized. But if the employee has it in for you, then you may want to do more than that. But it looks like you've already made back ups of things that you think may be important. In any case, I would formulate a standard policy for people leaving the firm. So that they have clear expectations on what needs to be done on the IT side of things.

    1. Re:Why not let him know what to do by BarbaraHudson · · Score: 4, Insightful

      If he wanted to screw with stuff, the seeds are already planted and will go off after he's gone. And if he hasn't wanted to screw up stuff, don't give him a reason to regret that decision by treating him in a dick way.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  3. Don't be an asshole. by ZorinLynx · · Score: 5, Insightful

    I've known many people who have tendered resignation letters and are then immediately ostracized by the company, security follows them around everywhere, they're asked to leave the building immediately, etc....

    Don't do that. If this person wanted to cause damage, he would do so without announcing his resignation. Take some precautions, but don't treat him like an outsider. He's still an employee during his notice period; treat him like one.

    Remember, he's leaving somewhere where he spent a good 1/3rd of his life. Change is not easy, and paranoid asshole-ish behavior makes it 100x as hard. Plus, you want him to be an ally to your company in the future, and not a potential enemy.

    1. Re:Don't be an asshole. by new_01 · · Score: 5, Insightful

      Exactly. And the best pool of potential new hires are from previous employees who realize that the grass wasn't exactly greener on the other side. Previous employees already know your system and processes and can be back up and running within a week or two with minimal training. Why people would ostracize them is beyond me.

  4. The correct answer should be "none". by Jaywalk · · Score: 5, Insightful

    There should already be backups in place and security safeguards to keep such an employee -- as much as possible -- from causing harm. Employees leave all the time, planned or unplanned, willingly or not. Certainly you want to make sure all their uncompleted tasks are turned over to someone else, but preparations should have already been in place in case health problems or personal issues cause a sudden departure.

    --
    ===== Murphy's Law is recursive. =====
  5. Do it before they put in their notice. by grimmjeeper · · Score: 4, Insightful

    Every time I've known I was going to turn in my notice, I end up going through everything and cleaning out any personal stuff and clean up my mailbox before the letter ever gets put in. You never know if you'll be given the opportunity to do that once your notice is in. If there's anything that needs to be saved, it's a good idea to keep a rolling backup of it now on everyone. That way, when someone turns in their notice (whether everything is above board or not), you have everything you need and you're not scrambling to catch it before the employee deletes it.

  6. Remove access ASAP by Fallon · · Score: 4, Informative

    Removing access immediately is important for 2 reasons. The first is obviously security. Then 2nd is figuring out what he does & making sure somebody else has that access & knowledge.

    If he's still in the office & gets a call or something to fix an issue it will have to get bounced to somebody else. You'll have him available to do knowledge transfer on what he use to have access to do. If he's not in the office, but still getting paid he's still available for knowledge transfer. If he's past his 2 weeks notice, he has 0 obligation to assist you guys or provide any knowledge & training to his former employers.

    Whenever I give notice I expect to loose my administrative access pretty much immediately. I've already backed up anything personal. I feel no disrespect when it happens. Seriously? Boho, you are giving me 2 weeks of paid vacation time, cry me a river. It's slightly annoying if I'm still around for those 2 weeks with no privileges to do anything, but I know exactly why they have been removed. Being ostracized is one thing (and not really kosher), but merely having admin credentials revoked should be expected.

    As far as a security issue goes, any competent disgruntled sysadmin has already done the done the damage or set the logic bomb before they have given their notice. Still, better safe than sorry.

  7. Re:Why? by Anonymous Coward · · Score: 4, Insightful

    Your comment would have been much more meaningful if you had been able to attempt to express yourself without the expletives. While I mostly agree with the content of your post, it loses credibility since you couldn't get a couple of sentences out without cursing. I am sure you are an intelligent person, but the expletives counter that idea.

  8. Re:If he's sufficiently important... by ckatko · · Score: 5, Insightful

    If that's the case, don't be a dick about it. Instead of "Go work from home for the two weeks because we're afraid you're going to fuck us over." Say, "Enjoy the next two weeks of paid vacation on us as a parting gift. Best of luck on your career."

    Both accomplish the exact same thing, but one of them doesn't create dicks out of good employees. I mean what's the chance he's going to be productive those two weeks anyway?

  9. Re:Why? by bluefoxlucid · · Score: 4, Insightful

    Malware isn't as targeted as an individual, although I've seen financial records damaged and personal e-mails disseminated by malware. My stint at various companies, contractors, government positions, and private sector jobs has given me a lot of exposure to shit that goes wrong. Even when I had little technical power, I slowly identified ways to leverage the small access I needed, and to gain higher access; access control is idyllic, and information often leaks around a lot due to the need for certain things to be available.

    I used to administrate IDS systems and approve firewall requests. In this capacity, I had no ability to do any real damage: every system I interfaced with was handled by an agent, either to install my hardware, to set my network routes, to configure the firewalls, to route span traffic to me, or to shut off ports when I discovered dangerous behavior on the network. I could damage our IDS, but nothing else. By contrast, those administrators each had a massive amount of power: they could sniff network traffic, route it for man-in-the-middle attacks, leak any information they wanted; even I was able to regularly extract administrative network passwords from our traffic, since our IDS ran decryption through our internal certificates and showed me raw attack traffic. I couldn't see your personal gmail account, but I could see the plaintext of your ssh connection to a CISCO switch.

    I do work in network security; most mundanes who dabble figure that security is this rock-hard wall of protection, or it's wrong. They often forget the definition of information security, which includes confidentiality, integrity, and accessibility; it is the accessibility that people most forget, demanding confidentiality and integrity while refusing to sacrifice either where accessibility is impacted unacceptably. In my example with the IDS, the IDS must decrypt traffic to search for attacks which may compromise confidentiality or integrity, yet it also reveals passwords to a small group of people who may themselves compromise confidentiality or integrity by using these passwords; this is why HMAC was invented, but it is not always available within a protocol suite.

    --
    Support my political activism on Patreon.
  10. Re:Having security meet him at his desk by Count+Fenring · · Score: 5, Insightful

    And it's a terrible way to go about things.

    Treating exiting employees like criminals when there's no established reason to doesn't improve workplace security - it just means that the person outside your company with the most current stories about how you operate has a story about how you treated them badly.

    You should absolutely be able to revoke people's powers, etc, but that's an "after they've left" step. Any damage you think you're preventing, they've already had the opportunity to do.

  11. Start when you hire the person... by QuietLagoon · · Score: 4, Insightful
    Treat the person with respect from the time you hire him.

    .
    For example. Be transparent with any equipment lists that document what equipment are in the employee's possession. Share the list at least yearly with the employee so there are no surprises (and the resulting badness) if an employee leaves. There is little else that generates ill feelings than an out of date equipment list for an employee (what do you mean I have to turn in that laptop? I turned it in two years ago. What!?!?! You want me to pay for it? ... etc., etc.).

    Provide a great work environment so employees don't want to leave.

    Look at what you think concerns you when an employee leaves, and then think about what you should do while the person is an active employee to prevent your concerns from occurring.

    Don't solve the problem after it occurs, prevent it from occurring.

  12. Don't try to be a hero by mileshigh · · Score: 5, Insightful

    You have data backups & resiliency in place as a matter of policy, right?

    What's policy (probably HR's responsibility) for this scenario? That's what you do: follow policy, nothing more, nothing less. If there's no policy or procedure, then you do exactly that: nothing.

    Don't improvise. This is an HR issue. You have NO idea what legal or other policy minefields you're stepping into. There are only downsides for you.

  13. Why? by JustNiz · · Score: 4, Insightful

    Why are you suddenly panicking and treating him like an asshole now he has anounced his resignation?

    If he had ever had the intention to Do Bad Things(tm) why don't you think he also had the smarts to plan ahead and do it the day before he quit?

    And also.. backing up his email in case he deletes his inbox/sentbox? Are you serious? Why don't you require that this should be deleted when he leaves? Most people do that on leaving just for their own personal security purposes. In fact many compnaies specifically require existing employees to explicitly not keep emails beyond some period. His email may well legitimately include personal stuff such as from HR that he should reasonably expect to be kept private, i.e not archived potentially permanently for perusal by IT staff anytime later.

  14. We do ... absolutely nothing by enjar · · Score: 4, Insightful

    People start and leave jobs for a variety of reasons. Maybe their spouse got a giant promotion but had to move. Maybe their parents are ailing and they are moving closer to take care of them. Maybe they just want to do something new, or change careers. There's a multitude of perfectly rational and otherwise sane reasons people change jobs.

    Why are you even considering treating them like an asshole? If they have given their notice, they should be finishing things up. If there's a project they are working on that will not be completed, they should be working with who is going to take it over to transfer the knowledge. They should likely document anything they did that wasn't documented. So on and so forth. Maybe you go out of a good bye lunch or get a cake to wish them well in their new endeavor. But why treat them like an asshole? Who knows, maybe your firm will start going the wrong way and they will get you on at the new place.

    Once they are gone, then you should have a procedure to deactivate the account, delete files, shut off email, have inbound mail forwarded to their old manager, etc.

    If you DO think they are going to do stupid things, then they should have been fired a long time ago. But if they are just leaving with proper notice, you likely don't need to do anything special.

  15. Re:Having security meet him at his desk by Jax+Omen · · Score: 5, Insightful

    This. Last place I worked, I gave about 3 weeks notice (I said "x day is my last day" essentially) and emphasized in my resignation letter my full intent to continue to be as effective/useful to the company as I could for the full duration of my notice.

    A higher-up drove 45 minutes from the head office to greet me on the last day of my notice to thank me personally and shake my hand because HE HAD NEVER SEEN ANYONE ACTUALLY DO THIS BEFORE.

    EVERY SINGLE one of my coworkers saw this, mind you. I guarantee it made an impression, because they all couldn't stop talking about it the rest of the day.

    When an employee resigns on non-hostile terms, don't treat them badly, instead show them how much you value them. It sets a great example for the remaining employees, and boosts morale across the board.

    Shame that job paid so badly, I really liked the people there...

  16. Re:Why? by pr0fessor · · Score: 4, Interesting

    We had a person like that, everyone thought she just walked around the office batting her eyelashes to get out of doing work. Then she got let go and all hell broke loose because nobody had any idea she was monitoring logs and jobs for all kind of things through out the enterprise everyday fixing stalled jobs etc... not on her workstation but still. She liked to ask me questions and had me check some of them when she would go on leave so I had an idea we were screwed.

  17. Re:Why? by hatemonger · · Score: 4, Insightful

    Profanity is a crutch.

    Empty platitudes repeated by people who dislike profanity for the sake of feeling good about themselves. Profanity is one of many tools that people can use to express themselves, and it is completely unrelated the strength of the points being argued. The sun is fucking hot, the sky is damn blue, and shit like "profanity is the sign of a weak argument" is ignorant and fallacious.

  18. Re:Having security meet him at his desk by Dan1701 · · Score: 4, Insightful

    I worked for a company like that for a while; complete and utter bastards to work for. What that sort of behaviour towards their employees got them was a complete lack of any loyalty whatsoever. Since they were also a bunch of idiots who never planned anything, and always bodged things to run until the next last minute bodge, then however motivated a saboteur might have been, it would have been rather difficult to think up any action which would show up against the background level of incompetence, malevolence and managerial stupidity.

    Most people simply got out of the door quickly, and took care never to work for them ever again, figuring that the company would come to an eventual bad end. It did, as things turned out, and the UK law would still like to have a long, comfortable chat with the company directors in the unlikely event of them ever setting foot in the EU again.

    My take on easter eggs and sabotage like this is simple: DON'T DO IT! You never know when you might need a reference or a job involving some of the people in that last job, and it helps to have maintained a professional aspect and outlook throughout whatever shenanigans led to your departure. People tend to appreciate that sort of thing, and it also gives you the moral (and legal) high ground subsequently. It also means that you're not forever after worrying about whether the law are after you for unspecified crimes, and if you're the worrying sort like myself, it helps not to give yourself anything much to worry about in future.