Getting Ready For Lay-offs

Lay-offs are coming -- How should a CIO prepare....
Some things a CIO should do to minimize security risks include:
- Clearly and completely document each worker's access to the network, applications, servers and the physical building;
- Have monitoring software in place to keep an eye on network traffic and security violations;
- Modify and/or shut down remote connections, including VPNs;
- Install file and directory security: limit the ability to access or modify enterprise business records, and disable the ability to download files and use USB storage devices;
- Audit and close down user names and passwords as soon as lay-offs are announced;
- Audit and close down web access to sensitive information and business records for those laid off;
- Freeze access to e-mail and archive e-mail accounts immediately;
- Collect PDAs, smartphones, laptops and USB devices;
- Collect security ID cards;
- Collect credit cards;
- If the person worked in IT, change route access and network access;
- Eliminate telephone access from the outside;
- Have the laid-off worker's manager tell the employee that he is being laid off;
- Offer a financial cushion or severance package - include health insurance;
- Offer outplacement services.
Laying off thousands of employees means there simply may be too many security holes to patch up before employees are given their pink slips. And that means there are many ways back into the company's network for any disgruntled employee who would like some revenge to help make up for a lost job and possibly squandered retirement funds and stock options.
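One way to check the user-name, VPN, e-mail and ID-card items in the checklist above once lay-offs are announced, as an added example that is not part of the original article: it reconciles a per-worker access inventory against the lay-off list and reports access that is still enabled, was used after the cut-off, or was never documented. The worker names, system names, record layout and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (hypothetical workers and systems): the documented
# access inventory and the HR lay-off list with each worker's cut-off time.
ACCESS_INVENTORY = [
    {"worker": "jdoe", "system": "directory", "enabled": False, "last_used": "2024-02-28T17:00"},
    {"worker": "jdoe", "system": "vpn", "enabled": True, "last_used": "2024-03-04T22:10"},
    {"worker": "jdoe", "system": "email", "enabled": False, "last_used": None},
    {"worker": "jdoe", "system": "badge", "enabled": False, "last_used": "2024-03-02T08:15"},
    {"worker": "asmith", "system": "directory", "enabled": False, "last_used": None},
    {"worker": "asmith", "system": "email", "enabled": True, "last_used": "2024-02-29T12:00"},
    {"worker": "bkeep", "system": "vpn", "enabled": True, "last_used": "2024-03-05T09:00"},
]
LAYOFFS = {"jdoe": "2024-03-01T09:00", "asmith": "2024-03-01T09:00"}
# Systems every worker's record must cover before it counts as fully documented.
REQUIRED_SYSTEMS = frozenset({"directory", "vpn", "email", "badge"})


def audit_offboarding(inventory, layoffs, required=REQUIRED_SYSTEMS):
    """Return sorted (worker, system, issue) findings for laid-off workers."""
    findings = []
    documented = {worker: set() for worker in layoffs}
    for entry in inventory:
        worker, system = entry["worker"], entry["system"]
        if worker not in layoffs:
            continue  # retained staff are out of scope for this audit
        documented[worker].add(system)
        cutoff = datetime.fromisoformat(layoffs[worker])
        if entry["enabled"]:
            findings.append((worker, system, "still enabled"))
        last_used = entry.get("last_used")
        if last_used and datetime.fromisoformat(last_used) > cutoff:
            findings.append((worker, system, "used after lay-off"))
    # A system with no inventory row cannot be confirmed closed.
    for worker, systems in documented.items():
        for system in required - systems:
            findings.append((worker, system, "access not documented"))
    return sorted(findings)


if __name__ == "__main__":
    for worker, system, issue in audit_offboarding(ACCESS_INVENTORY, LAYOFFS):
        print(f"{worker:8} {system:10} {issue}")
```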
Questions that the CIO should have answers to are:
- If the enterprise is going through periods of rapid or dramatic change, including changes in the way it does business, how will the lay-offs impact this?
- If the enterprise's IT function is efficient and has a low cost of operation, what value and costs will the lay-off provide?
- The primary motivator for lay-offs is the drive to reduce costs; will this happen?
- How will the enterprise know that it is getting value from the lay-off?
- Lay-offs are driven by senior management -- what does the CIO do to meet and exceed their objectives while continuing to provide service?
- How do you know what the service level will be after the lay-offs? What metrics are in place?
- The enterprise's operations are entwined with IT functions; if the IT function has lay-offs, what will the impact be on enterprise operations?