| I've covered this topic more than once since the | | | | necessary for their jobs and who make more printouts |
| economy went from very bad to scary awful, but it | | | | than usual. It is a good idea to keep an eye out for |
| bears much repeating: There is going to be a lot of | | | | troubled employees who may be receptive to pitches |
| chaos during the next few months - layoffs and | | | | from crooks. The story also suggests appropriate |
| mergers - and security staffs need to pay a lot of | | | | electronic safeguards and, for good measure, ends |
| attention to keep data safe. Ideally, it is a good idea to | | | | with two or three more scary stories. |
| do this long before the layoffs or mergers start. | | | | In the cases of mergers and acquisitions, security |
| That's the message. Processor says that it is | | | | concerns must be handled while the IT department is |
| important to track which assets each employee can | | | | busy with a tremendous number of other things. |
| access. This is a bigger job than it seems and must be | | | | Indeed, security only is mentioned at the end of this |
| done in a systematic way before the employee is let | | | | piece, which looks at some of the things that must be |
| go. Passwords to group or shared accounts must be | | | | done by an IT staff going through the M&A |
| tracked. That's tricky, of course, because those | | | | process. The staffs must synchronize financial and |
| passwords are assigned to a group of people. They | | | | human resource data and merge the underlying IT |
| should be changed when an employee has been given | | | | systems. The piece says that synchronizing the |
| notice or is told that he or she will be laid off days or | | | | financial data is the biggest issue. The last thing these |
| weeks before it actually happens. This lets the | | | | folks have time to worry about is renegade current or |
| company track whether the person is trying to reach | | | | laid off employees. So it's vital to have robust and |
| into areas in which he or she shouldn't tread. | | | | comprehensive policies and technical hardware and |
| The most effective way to guard passwords is to | | | | software systems in place. |
| establish a structure to protect them while the | | | | These threats exist today in big enterprises - and in |
| employee still is with the company. The piece is | | | | the city of Clarksville, TN. The Leaf Chronicle reports |
| followed by sidebars that provide tips on preventing | | | | that an external security audit there revealed that |
| insider attacks and a checklist for a departing | | | | employees retained access after termination and that |
| employee. | | | | password standards were not adequate. The audit |
| A recent IDG piece in The New York Times begins | | | | looked at the city in general, the gas and water |
| with a troubling vignette: A manager at Pilz left one | | | | department and the energy department. It found that |
| company to work for a rival and took a lot of valuable | | | | denial of access rights was not completed quickly |
| information with him. The only thing that saved his | | | | enough at all three levels and recommended that the |
| original employer was the competitor's honesty. The | | | | system be adjusted. The audit also found that |
| suggestions: Watch people who suddenly work long | | | | encryption was inadequate. Officials said that steps |
| hours, seek access to corporate information not | | | | would be taken to rectify the situation. |