Joseph Powell first suspected that there were problems with his IT contractor when the admin refused to cede his administrative rights on an accounting software package. Powell, who was the business administrator for a private school, began noticing more issues. When the school's board ordered the IT admin to cede control of the software, he began introducing deliberate errors into the school's database. "We also began to experience costly downtime on the network coinciding with any time [he] was unhappy with how he was treated by the administration," Powell says.
By the time Powell and the board made the decision to fire the contractor, he was reading everyone's e-mail, so Powell had to leave his office every day and head over to a local library, where he then used a private e-mail account to correspond with his bosses.
[ What skills should every IT person have to stay employed? Find out here. ]
He then hired a new IT team to replace the contractor and had them covertly copy everything on the school's network. This turned out to be a prudent move: When Powell told the contractor that his employment was up, "he replied that he built the network and would be taking it with him." And the former admin tried: On his last day of work, he logged in and wiped every document off the network. Had it not been for Powell's foresight, the school would have lost all its digital assets.
Powell's nightmare illustrates why firing IT personnel can be tricky. These are the employees who hold the keys to the kingdom, who can copy confidential information with a few keystrokes, who can lock everyone out of the network -- or nuke it entirely. So what do you do when you have to let one go under less-than-optimal circumstances?
Step 1: Plan for damage control
The first step: Plan how to curb any damage.
According to Todd Stefan, president of high-tech risk management firm Talon Cyber, "Don't shoot from the hip. This has to be planned out. Planning and foresight is what I consider the biggest 'do.'"
He says there are three different facets to terminating an IT person: "There's the access to the network, the applications they can log on to, and the usernames and passwords they know."
Therefore, before you plan to terminate someone, you need to figure out what kind of access they have to all the company networks. Find out who else has access to those systems; if no one else does, then add a backup administrator.
In addition to figuring out what sort of access the soon-to-be-fired IT employee has, managers will also need to determine how to prepare for a smooth transition to other employees and how to implement new security measures in the wake of the person's dismissal. "If you don't have the measures in place to turn everything off and prepare, it's best to postpone the termination," Stefan says.
This may also be the stage where it's smart to bring in an outside party to begin auditing the networks. This way, if there are backdoors into the networks or if the troublemaker suspects they're about to be let go, the auditors can find any potential threats, detect any sabotage or deletion of incriminating evidence, and back up any critical systems.
[ Getyour career and management questions answered at InfoWorld's Advice Line blog. ]
Step 2: Get your backups in place
Before firing an IT employee, make sure someone else knows what that person does -- and how to do it.
"You need to structure your IT organization so that no one is indispensable," says Robert Monroe. Now a management professor at Carnegie Mellon University, he spent 15 years in software development and management.
One of the biggest obstacles to firing someone: They may be the only one who knows how to perform mission-critical tasks. Monroe suggests breaking these "information hoarders" of their bad habits early on.
"Always, always, always operate on the premise, 'What if you get hit by a bus?'" he says. If that should fail to sway the hoarder, point out three other, more self-interested truths: People who don't have reliable backups can never go on vacation. They can never take sick days. And, he adds, they can never be considered for a promotion to a more interesting and more highly compensated role in the company.
However, even when dealing with an information hoarder on the emotional front, be sure to implement some tactical fail-safes. Monroe recommends rotating assignments among members of an IT team, in a phased way, so that everyone can absorb the skills and information to do critical tasks.
If an IT department is tiny, Monroe says, managers can strive for some redundancy. "Make sure people are familiar with the work that other members of the team are doing."
Step 3: Do it fast
But how to actually pull the trigger? Jim Lanzalotto, a vice president at outsourcing agency Yoh, suggests going to the movies. "Have you ever seen the movie 'Office Space'? Do the exact opposite of that."
He explains, "What they do in 'Office Space' is bring in the efficiency experts and pretty much prepare everyone to be fired. It creates a feeling of edge in the office — it's the exact wrong thing to do in an organization."
If you're going to fire an employee, make it quick. Monroe recommends having a standard process for everyone who's leaving the company. This process should include a checklist of things to do to remove access to crucial systems, as well as an exit interview that reviews key points in any confidentiality agreements.
Stefan recommends packing the exit interview with questions that'll help keep operations running smoothly. For example, find out what passwords the soon-to-be ex-employee has and what systems they're for, and give the person a checklist of items that need to be accounted for or turned in.
While the exit interview is going on, he says, someone should be checking to make sure that any potential evidence that would justify the firing isn't being erased or corrupted. Another IT person should also be locking down the system and preparing to force a company-wide password reset. That way, the ex-employee won't be able to log into the usual systems with another user's ID and password.
While such preventative actions are wholly appropriate, they don't mean you should treat the employee as a criminal. "When you terminate an IT person, you still have to deal with them in a respectful, professional manner," he says. "If you need information, treating [the fired employee] like a criminal makes them not want to respond or give you bad information or damage the system."
A caveat: Don't do it on a Friday
Terminating someone right before the weekend only gives them time to stew -- or to do significant damage to your systems while nearly everyone else is out of the office.
Stefan points out the advantage of firing someone on Monday morning: You'll have the weekend to do any necessary prep work -- backing up files, finding and closing back doors in a network, cutting off access to assorted networks -- without too many people around to notice that something's about to happen. By preparing on the weekend and terminating an employee Monday morning, you're reducing the chance that the rest of the working week will be devoted to containing any fallout from the firing, he says.
However, Lanzalotto thinks starting off the work week by firing someone can reduce an organization's output: "Do you want people to be productive all week or to talk about this all week?"
While Monday may or may not be an ideal day, Lanzalotto does agree that terminating someone is best done earlier in the week -- and certainly not on a Friday.
Step 4: Deal with the survivors
The unpleasant part of the task may be over, but the post-firing fallout isn't confined to the IT concerns. Workers may be nervous or unsettled, and managers need to act quickly to defuse that tension.
"Be as open as possible within company culture," says Monroe. "If you can make it clear that it was not an arbitrary decision made randomly, that takes away a lot of concern that comes along with it."
It also improves the likelihood that a dysfunctional office can right itself more quickly. Monroe says that most of the time, if someone's being fired for performance issues, it's not a surprise to their coworkers. After he received a standing ovation from his department following his firing of a troublesome employee, Monroe realized that the person who is causing the manager headaches is usually afflicting their coworkers, too.