Can we talk about the termination process from an IT POV?

So I’ve been working for this company for the last year as their SysAdmin. Now they don’t have the best system when it comes to firing people, or IT Policy for that matter. It's not unusual for them to have people leave and not even tell me. We’re a small company so everyone knows everyone and talks to just about everyone.

The situation;

Monday night they found out that two employees were going to be fired, I won’t go into detail here. The first thing Tuesday the Call Center guy came up to me and asked if I had read my mail? I said no and he told me that I needed to disable access for the two employees. No big deal usually they take care of the employee end. So I disable AD access, Email, VPN, etc.

Not more than 30 min later I get a call on my personal cell from one of the employees. He’s complaining because his VPN doesn’t work and is kind of upset.

WHAT do you say in that situation???

Essentially they had me turn off access before they even told him. Now I understand there is a *possible* security risk here, but shouldn’t there be a clear process where the SysAdmin shouldn’t be involved?

I told the user that I wasn’t sure what was up. I would test the VPN and have someone call him. So clearly I lied, but considering the situation?

Thoughts?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

HeroPsycho

Paul Boz wrote: »

The corporation has the right to look at what data is leaving the organization and deem whether it is safe to let go or not.

You sound like a corporate tool.

Paul Boz

HeroPsycho wrote: »

You sound like a corporate tool.

I sound like a guy who is paid solid money to tell companies what I'm telling you. Corporate tool is accurate. It comes with a hefty price tag, I'll deal with that. Management hires me to do what I do, not the end users that I'm protecting management from.

veritas_libertas

HeroPsycho wrote: »

You sound like a corporate tool.

Umm... Lets not forget that when you work for the company you do the following...

Get paid to work by the company.
Work on the company's computers.
Agree to the company's computer use agreement. (Which honestly almost no user does).

Where I once worked it was company policy for all the sent / received e-mails to be looked through after termination / resignation. I mean come on, to me it is no different than having your company credit card / phone calls audited. They want to know what you did with their equipment. In some cases the company can be liable if you mishandled their tools.

If I am wrong about anything I said please correct me.

human151

by end users you mean the people who actually do the work. Give them a little respect.

veritas_libertas

human151 wrote: »

by end users you mean the people who actually do the work. Give them a little respect.

Did I say end user? I just reread my post, and I cannot find that. I did write user. I believe I am a user

At least the pop-up message on my Workstation tells me I am.

Paul Boz

human151 wrote: »

by end users you mean the people who actually do the work. Give them a little respect.

Your argument is coming off like management doesn't do work. If management doesn't protect the integrity of the organization the end users don't have a JOB. That is the function of good policies and procedures. I do not work in management, I just work with management at other organizations. I understand how I fit into my company. I also understand that I, like any employee at any company, am an asset, not a member of the family. Employee cost is no different from technology cost. Both are different types of assets used in the organization.

veritas_libertas wrote: »

Did I say end user? I just reread my post, and I cannot find that. I did write user. I believe I am a user

At least the pop-up message on my Workstation tells me I am.

I believe he was referring to my post.

dynamik

HeroPsycho wrote: »

You sound like a corporate tool.

By wanting to inspect data to make sure there's no confidential information leaving the company? Isn't that standard practice?

Plantwiz

Paul Boz wrote: »

I sound like a guy who is paid solid money to tell companies what I'm telling you. Corporate tool is accurate. It comes with a hefty price tag, I'll deal with that. Management hires me to do what I do, not the end users that I'm protecting management from.

Amen!

Plantwiz

dynamik wrote: »

By wanting to inspect data to make sure there's no confidential information leaving the company? Isn't that standard practice?

It should be for many businesses. Some it just won't matter as the risk small to none. However, it can usually be argued that whomever is paying...has the right to set the rules how they see fit. It is just good practice to set the rules up front so everyone is clear.

Work PCs, belong to the company. And if one choses to use their personal equipment on the company network, it then is subject to the same scrutiny (IMO) for security purposes.

Don't mix personal with business.

human151

I just think we should remember that these assests are human beings and deserve a little respect for furthering the goals of the company. I know me and my peers but our butts and work long hours and maintenance windows to further the company. They do not deserve these types of games like "distract this guys while I fire this other guy" or "pretend you need to do something under his desk and unplug his cable"

I've never been fired (knock on wood) but if I go I wouldn't expect these petty games to be played by my employer.

Yes I realize that I work for the company, its not a family but everyone deserves some respect and dignity.

Paul Boz

human151 wrote: »

Yes I realize that I work for the company, its not a family but everyone deserves some respect and dignity.

There is a right way to fire someone and a wrong way and most of the ways which you described (as sited from other posts in this thread) are the wrong ways. I learned a while back that business is business and its ugly and it sucks, but it keeps the lights on and bread on the table. It is what it is.

blargoe

networker050184 wrote: »

I agree here. You must disable access first. It kind of defeats the purpose if you disable access after you fire them.

We fired a tech at one of distribution centers and his access didn't get turned off in a timely manner. He deleted their file share and destroyed all the backups. Kind of an extreme example, but you have to disable first, always.

The company that I work for calls IT when they're having the meeting with the terminated employee letting them know they are excused from their position and access is turned off at that time. If they don't think the person is going to make a scene, they might let them back to their desk to gather their things, with an HR escort. Sometimes they ask them to come back after hours. Any personal data on the computer if it's requested is copied off by someone in IT and sent to them in the mail.

blargoe

The only data we generally send, when it's requested, is contacts. Unless they were sales people, then usually not. If they're looking for particular personal files, we might send that to them as well (ie pictures, music, some documents etc) but not without knowing what it is, and it all has to come through HR.

HeroPsycho

dynamik wrote: »

By wanting to inspect data to make sure there's no confidential information leaving the company? Isn't that standard practice?

I can't believe you guys took me seriously...

That was entirely too much fun.

dynamik

Oh, I figured you were just jealous that Paul was at least a specific type of tool...

Kaminsky

mikedisd2 wrote: »

I don't think there would be any company that caters for people's personal data. Officially speaking it shouldn't be on the company systems. They might even say that it is now company property (though I doubt it, still why trust em?).

One of the usual things people are after is copies of emails they may need for possible future litigation against the company that fired them. Except with major c**k ups, dismisals are usually long time coming after lengthy email chains and warnings being involved. That is why IT department policy should never be to delete email accounts immediately (maybe restrict access to them) as the ex-employee does still have a right to them under freedom of information - That is if they have been dumb enough not to take hard copies of the relevent ones in advance. IT policy should be to hold them read only (even from their own managers who may bowse through them and might find an unfavourable one and try to delete it) for at least 6 months whether that is online or off line.

It's not going against the company or being in solidarity with the ex-employee. It's about running a professional IT department that is aware of it's legal responsibilities of all the information it has a duty of care over.

RobertKaucher

Kaminsky, I don't know about the UK, but freedom of information does not apply to a corporation and its employees in the US. No such right exists.

The issue here is that we are approaching a percieved grey area that is actually very black and white. IT has allowed one's work environment to chip away more and more into the personal lives of employees. VPNs, BlackBerries, Mobile Computers, etc... No body can expect an employee NOT to have a certain amount of personal information on their laptop or in their inbox.

But when it comes time to terminate the employee's employment (be it a layoff, voluntarily leaving for another job, etc) policy must be followed strictly even in small environments. If exceptions are made for employee X (who is in good standing) then they might also be made for employee y (who has been stealing corporate data for months). Management is not going to communicate all of the details about a dismissal to a mid/low level IT worker. So if Mr. Smith was allowed to access his personal data (pictures of his family) on his laptop, why shouldn't Mr Spy be able to access data (a logic bomb that will format the hard drive) on his?

Follow your company's policies to the letter at times like this. They are there to protect you and the company. If you believe these policies are unclear or inadequate then talk to your boss or HR department about them. If you believe that a company's policies are unethical or immoral than you should resign, you should not break the policies just because you don't like them. Just my opinion.

mikedisd2

Kaminsky wrote: »

as the ex-employee does still have a right to them under freedom of information

Huh?

Check your company's email disclaimer. It should say something like "This email and all attachments are the sole property of Co. Ltd (or any of its subsidiary entities)", etc.

HeroPsycho

dynamik wrote: »

Oh, I figured you were just jealous that Paul was at least a specific type of tool...

"I am highly aroused..."

(Anchorman)

Kaminsky

mikedisd2 wrote: »

Huh?

Check your company's email disclaimer. It should say something like "This email and all attachments are the sole property of Co. Ltd (or any of its subsidiary entities)", etc.

Yes. I don't mean they own the email. In many countries they have freedom of information where they can put in a request for all information pertinent to them on your company's computers and you have a legal obligation to provide copies of it to them. This includes emails. Sometimes there is a nominal fee to the company for doing this. This is a standard thng for most countries.

If there were to be any litigation, the first thing that would be requested by the solicitor would be a freedom of information request for copies of any emails pertaining to their client be sent to them. If these emails are deleted, the company can face awkward questions of why and good solicitors can make it sound incriminating.

Paul Boz

Kaminsky wrote: »

Yes. I don't mean they own the email. In many countries they have freedom of information where they can put in a request for all information pertinent to them on your company's computers and you have a legal obligation to provide copies of it to them. This includes emails. Sometimes there is a nominal fee to the company for doing this. This is a standard thng for most countries.

If there were to be any litigation, the first thing that would be requested by the solicitor would be a freedom of information request for copies of any emails pertaining to their client be sent to them. If these emails are deleted, the company can face awkward questions of why and good solicitors can make it sound incriminating.

That's fine and all but I still don't understand how this stands in court if the company has well defined acceptible use policies built around email.

RouteThisWay

After reading this, this is how we handle it (Federal).

We get a notice that ___ is going to be let go on ___ and an Account closure form is handed to us usually 24 hrs before.

The account is closed as soon as the form is walked down (not emailed, phone call etc. A physical document) to the Windows admins. This usually happens ~5PM. We close the account immediately, sign off of the form stating you did such.

If the user can't VPN in, he/she will come in the next morning. If someone from HR doesn't get them first thing in the morning, they obviously cannot log on. They call saying that they can't login. We tell them that we are experiencing server issues (very general ha), we will get back to them asap.

Normally, this is not an issue because they are told first thing in the morning. Then the security contractors come by and pick them up, and they escort them to pack up there things. They are NOT allowed access to the PC at all once they have been terminated, and all accounts are closed. Period.

Before logging into the PC, there is a specific dialogue that pops up and warns that "This is a federal PC owned by the United States govt blahblahblah. It is to be used for work related functions only. You have no privacy on this system, etc etc". So basically, by clicking Accept.. you forfeit the right to anything on the PC, all privacy on the PC, etc.

This may seem harsh, but it would be incredibly stupid from a security standpoint to let someone who was just told they were fired access to a work PC. It isn't their PC, it isn't their data.

Once they are terminated, their desktop is usually reimaged anyway. We are very tight with user permissions so they can't install anything, etc anyways. If they had any personal documents.. sucks for them. They shouldn't be doing it on a work computer.

Like it or not, IT is usually one of the first depts to know of someone being let go. It is the only way to secure network access. Telling someone, then closing their accounts still allows a window of time (even if it is minutes) that someone that has access to the system shouldn't. And that is unacceptable.

dales

RouteThisWay wrote: »

Like it or not, IT is usually one of the first depts to know of someone being let go. It is the only way to secure network access. Telling someone, then closing their accounts still allows a window of time (even if it is minutes) that someone that has access to the system shouldn't. And that is unacceptable.

Haha not where I work, I've have this gripe with HR on a regular basis, that reminds me I dont think I've had a moan at them for a couple of weeks.... 'walks off to write email'

Kaminsky is quite right about the freedom of information act here in the UK, you can ask for information about pretty much any part of any business should it be relevant to to the requester. We get FOI's all the time for things because we are a local government and local papers like trying to find dirt on how much was spent and where. Also by the way our courts handle things if any information is shakey then its the company that comes off worst no matter on what grounds the employee was fired for.

Forsaken_GA

As others have mentioned, this is one of the downsides to being in IT. If you don't have a clear directive as to what to say, then just be non-committal. Tell them you'll look into it and let it go, saying anything more possibly compromises yourself, or your company. It sucks to be put into that position, but there's nothing you can do about it, it happens. People also aren't stupid - if their logins no longer work and their keycards no longer work, they know what's coming. I knew one guy who put it all together really quick. Just walked into the HR office, handed in his keys, asked for his termination form to sign, and left without any further word.

Pash

Forsaken_GA wrote: »

As others have mentioned, this is one of the downsides to being in IT. If you don't have a clear directive as to what to say, then just be non-committal. Tell them you'll look into it and let it go, saying anything more possibly compromises yourself, or your company. It sucks to be put into that position, but there's nothing you can do about it, it happens. People also aren't stupid - if their logins no longer work and their keycards no longer work, they know what's coming. I knew one guy who put it all together really quick. Just walked into the HR office, handed in his keys, asked for his termination form to sign, and left without any further word.

This and what Paul has been saying.

One of our ex-customers of recent had us providing desktop support on a rotation basis. IT was always the first to know that a person was leaving (after HR of course), the IT manager would always walk in and ask to disable employee's xxxx AD account straight away, he would stand there when I would do it.

To be fair he was very good at shielding us from this type of difficult situation, he didn't mind looking like the bad guy, he would pay the user a visit and ask for any loaned items to be given back and as far as I am aware nobody ever kicked and screamed there way out in the 2.5 years I was doing work for this customer.

I can imagine it must be harder when these are colleagues of yours or maybe even people you are friendly with out of hours (which is more than likely in today's long hour office environments).