Should risky employees be allowed to hang around?
In response to an FCW article published Jan. 28 headlined “What feds can learn from Coca-Cola’s data breach,” a reader opined that government employee terminations could get ugly if they follow industry’s course regarding IT security. The reader wrote:
"So one of the big lessons is the terminated employee should have his/her rights terminated immediately as well. In private industry, an employee might be sitting at his/her desk and security walks up and says, 'your services are no longer needed' and the employee is given 10 minutes to gather his/her personal belongings and is escorted out of the building. This is where this recommendation will lead in the [government]."
Frank Konkel responds: I don't think quick goodbyes are necessarily a bad thing under the correct circumstances, especially under the pressure IT organizations are under to prevent unwanted data breaches and enforce the best possible cybersecurity policies. It is clear from Coca-Cola's response that it had policies in place at the time that would have prevented the breach. Had company officials actually followed them, perhaps a former employee wouldn't have strolled out of Coke's Atlanta headquarters with the personal information of 74,000 employees, suppliers and contractors.
As Tony Busseri, CEO of Route1, said in the article, policies are effective only if they are actually implemented. Coca-Cola received a big wakeup call, as have Target and Neiman Marcus in recent months, and that wakeup call should echo to government. Yes, federal employees should be afforded every possible employment right, but at the end of the day, if an employee has access to classified information, trade data or other sensitive types of information -- and that employee is terminated for any reason -- does it pose more risk to the mission to keep the employee on for two weeks or to wave a quick goodbye? In 2006, one stolen device containing unencrypted data ultimately cost the Department of Veterans Affairs more than $20 million and severely damaged its reputation. Imagine what a disgruntled terminated employee could have cost them. Terminated employees know where weaknesses are in organizations – the connection to networks, technology and any sensitive data should be severed the moment their employment is.
Posted by Frank Konkel on Jan 30, 2014 at 8:00 AM