
Should risky employees be allowed to hang around?


In response to an FCW article published Jan. 28 headlined “What feds can learn from Coca-Cola’s data breach,” a reader opined that government employee terminations could get ugly if they follow industry’s course regarding IT security. The reader wrote:

"So one of the big lessons is the terminated employee should have his/her rights terminated immediately as well. In private industry, an employee might be sitting at his/her desk and security walks up and says, 'your services are no longer needed' and the employee is given 10 minutes to gather his/her personal belongings and is escorted out of the building. This is where this recommendation will lead in the [government]."

Frank Konkel responds: I don't think quick goodbyes are necessarily a bad thing under the correct circumstances, especially under the pressure IT organizations are under to prevent unwanted data breaches and enforce the best possible cybersecurity policies. It is clear from Coca-Cola's response that it had policies in place at the time that would have prevented the breach. Had company officials actually followed them, perhaps a former employee wouldn't have strolled out of Coke's Atlanta headquarters with the personal information of 74,000 employees, suppliers and contractors.

As Tony Busseri, CEO of Route1, said in the article, policies are effective only if they are actually implemented. Coca-Cola received a big wakeup call, as have Target and Neiman Marcus in recent months, and that wakeup call should echo to government. Yes, federal employees should be afforded every possible employment right, but at the end of the day, if an employee has access to classified information, trade data or other sensitive types of information -- and that employee is terminated for any reason -- does it pose more risk to the mission to keep the employee on for two weeks or to wave a quick goodbye? In 2006, one stolen device containing unencrypted data ultimately cost the Department of Veterans Affairs more than $20 million and severely damaged its reputation. Imagine what a disgruntled terminated employee could have cost them. Terminated employees know where weaknesses are in organizations – the connection to networks, technology and any sensitive data should be severed the moment their employment is.

Posted by Frank Konkel on Jan 30, 2014 at 8:00 AM


Reader comments

Tue, Apr 1, 2014

First, the situation in VA that was referenced is bunk. While some may claim it cost $20M, those of us on the inside know that's hardly true. And if folks looked at how it happened, with an open mind, they'd see that the failure was hardly with the employee. At best it was an overreaction, and the truth is that the $20M it's touted as costing was saved 100-fold in the previous years by not spending money on security "junk" that would have possibly prevented those $20M from being spent. Look at what cyber has spent in VA since those $20M were spent in an email and credit check effort, and you'll see that $20M was a drop in the bucket. But your point is not lost, employees who know corporate "dirty little secrets" are a challenge for bad management. But that's a story worth doing in VA, isn't it? In VA poor IT leadership is the norm, angry employees are plentiful, and it's getting worse by the day as the Secretary allows Warren to run a wrecking ball into the agency. They both seem to be the VA's most angry employees.

Fri, Jan 31, 2014 Al

I thought this was how life worked everywhere. This is not controversial for most people . . . is it?
