Joseph Powell first suspected that there were problems with his IT contractor when the admin refused to cede his administrative rights on an accounting software package. Powell, who was the business administrator for a private school, began noticing more issues. When the school's board ordered the IT admin to cede control of the software, he began introducing deliberate errors into the school's database. "We also began to experience costly downtime on the network coinciding with any time [he] was unhappy with how he was treated by the administration," Powell says.
By the time Powell and the board made the decision to fire the contractor, he was reading everyone's e-mail, so Powell had to leave his office every day and head over to a local library, where he then used a private e-mail account to correspond with his bosses.
[ What skills should every IT person have to stay employed? Find out here. ]
He then hired a new IT team to replace the contractor and had them covertly copy everything on the school's network. This turned out to be a prudent move: When Powell told the contractor that his employment was up, "he replied that he built the network and would be taking it with him." And the former admin tried: On his last day of work, he logged in and wiped every document off the network. Had it not been for Powell's foresight, the school would have lost all its digital assets.
Powell's nightmare illustrates why firing IT personnel can be tricky. These are the employees who hold the keys to the kingdom, who can copy confidential information with a few keystrokes, who can lock everyone out of the network -- or nuke it entirely. So what do you do when you have to let one go under less-than-optimal circumstances?
Step 1: Plan for damage control
The first step: Plan how to curb any damage.
According to Todd Stefan, president of high-tech risk management firm Talon Cyber, "Don't shoot from the hip. This has to be planned out. Planning and foresight is what I consider the biggest 'do.'"
He says there are three different facets to terminating an IT person: "There's the access to the network, the applications they can log on to, and the usernames and passwords they know."
Therefore, before you plan to terminate someone, you need to figure out what kind of access they have to all the company networks. Find out who else has access to those systems; if no one else does, then add a backup administrator.
In addition to figuring out what sort of access the soon-to-be-fired IT employee has, managers will also need to determine how to prepare for a smooth transition to other employees and how to implement new security measures in the wake of the person's dismissal. "If you don't have the measures in place to turn everything off and prepare, it's best to postpone the termination," Stefan says.
This may also be the stage where it's smart to bring in an outside party to begin auditing the networks. This way, if there are backdoors into the networks or if the troublemaker suspects they're about to be let go, the auditors can find any potential threats, detect any sabotage or deletion of incriminating evidence, and back up any critical systems.