Within the procedural infrastructure of most businesses are unavoidable caveats. They come with the territory of owning and operating a business and any business owner, especially one which takes on employees, can testify to this. Assessing and mitigating security threats found in computer hardware and software is a good place to start the process of securing a business from criminal harm. However, assessing and mitigating the side of security dealing with human error, dishonesty, and crime, is a whole other matter. Like with most computer users, not excluding business owners, complacency in computer security has been found to be a primary doorway in which a business can be exploited by criminals, whether foul play comes from inside or outside a business. A minimum set of precautions should be taken.
The retaliatory actions of disgruntled employees who are subject to disciplinary action within a company or are outright fired for any given reason are a common problem in any business which hires employees. There are security measures that can be taken to mitigate the threat of disgruntled employees who can go on the offensive. Two specific measures which should be elementary for any business which hires employees are implementing the security concepts of “least privilege“, and a strict policy (including procedures) for discharging or firing employees.
The concept of “least privilege” is implemented by giving access to company resources and information only to the extent that is required for an employee to accomplish her job in the company. As an example, if an employee’s primary job in a company is managing financial resources and dealing with payroll checks, then that employee should be given access only to the resources and information required to carry out those duties. There’s no need to give her a duplicate key to the storage attic which contains nothing essential to carrying out her duties as a companies’ financial resources manager. This strategy can generally make it much simpler and easier for a company owner to manage employees.
In the event that an employee must be fired or discharged from a company, there should be strict procedures in place to facilitate a secure transition for the exiting employee. For example, any computer passwords known by the exiting employee should be changed immediately and any security clearances held by the exiting employee should be revoked.
Please contact us if there is concern regarding security policies for both current and discharged employees.