Schedule a Consultation: 858.483.9200
San Diego Businesses: Checklist for Protecting Your Computer From an Angry Administrator
We have written recently about the need to protect your digital and virtual assets. One of many possible threats is a rogue or angry or vindictive recently-fired network administrator. Bad situations do happen; Uber recently was forced to fire its top two computer network security officers. See Bloomberg report here.
Fired employees can be angry, very angry. Existing employees can be angry that other employees have been fired. If such angry employees have access to your computer systems, that anger can result in significant damage. For example, in a case out of Texas, United States v. Thomas, No. 16-41264 (Fed. 5th Cir. Dec. 11, 2017), an IT Operations Manager spent a weekend sabotaging his employer’s computer network because he was upset that the company fired a coworker. He deleted files, disabled the backup operations, damaged group email lists used by clients, diverted executives’ emails and set a “time bomb” that would disable remote access by company employees. The manager was eventually convicted of criminal misconduct and is, presumably, in jail.
Here is a checklist for protecting your computer networks.
San Diego Businesses: Sound, Enforceable Employment Contracts With Teeth
Usernames and passcodes are the key issues with administrative access to your San Diego company’s computer network. As we recently wrote, the company should have policies and procedures in effect for having those usernames and passcodes available in one or more secure locations. That is, your network administrator should not be the only person with the access information.
In addition to those policies and procedures, you need solid, enforceable and pro-company employment contracts. Among the provisions the following should be included:
- Statement that the usernames and passcodes are property of the company
- Agreement by employee that he/she will keep such information confidential from third parties
- Provision that usernames/passcodes are kept in secured centralized location(s)
- Agreement by employee that, if passcodes are changed, he/she will immediately update the centralized file
- Agreement by employee that, upon separation — voluntary or involuntary — that he/she will provide username/passcodes and/or complete such paperwork as needed to have the passcodes re-set
- Agreement that injunctive relief is appropriate
- Statement that employee understands sabotage of the computer networks/systems is criminal violation of the Federal Fraud and Abuse Act and California state laws and will lead to civil prosecution too
- Agreement that company shall recover attorney’s fees if suit is necessary
San Diego Businesses: Change the Passcodes BEFORE He/She Leaves the Building
Even if your key tech administrator is leaving under the best of circumstances, your new systems administrator should check the usernames and passcodes BEFORE the departing employee leaves the building. This should absolutely be done if you are terminating your network administrator. If there is a problem with re-setting the passcodes, then demand should be made on the spot for the terminated employee to provide the correct usernames/passcodes. Failure to do so immediately is breach of contract and litigation should be filed.
San Diego Businesses: No Access by the Terminated Administrator
In a similar manner, the recently-fired employee should not have access to any computer terminals as he or she exits the building. Remember also to terminate any remote access that has been granted to the employee.
San Diego Businesses: Have Your Business Lawyer at the Ready
Particularly when you are firing your network administrator or the head of your network security, you need your trusted and experienced business lawyer at hand.
San Diego Businesses: Be Prepared to File Emergency Litigation
Your business depends on your computer systems and your website. Even a few days of problems can result in significant lost sales and lost revenue/profits. Be prepared to be in court immediately for injunctive relief.
San Diego Businesses: Contact San Diego Corporate Law
For further information, please contact Michael Leonard, Esq. of San Diego Corporate Law. Mr. Leonard has the experience to help draft and implement company policies and procedures and to help with all other types of business legal issues. Issues with respect to usernames and passcodes might be worthy of including in your company’s employee handbook. Mr. Leonard can assist with that, too. Contact Mr. Leonard by email or by calling (858) 483-9200.
You Might Also Like:
How Trusted Legal Counsel Can Help Your Business Grow
What Should Be In My Employee Handbook?