How To Fire Your IT Professional While Protecting Your Data
Firing an employee is never easy and never pleasant. Firing your IT pro or Systems Administrator comes with a whole other set of issues. Often referred to as “the keeper of the keys”, this individual has the access and ability to seriously compromise, even sabotage, your data and systems on their way out the door, if they so choose. While we believe 99% of people will be professional as you part ways, it is worth keeping the other 1% in mind. This means careful planning. In fact, there should be a plan for firing IT personnel in place before they are hired. The first steps in any situation would be to make sure all passwords for all Administrator accounts are kept in a password safe. This could be a piece of paper kept in an actual safe or a digital password manager like LastPass or 1Password. Every now and then you will want to make sure these accounts are still active and have the right access rights. The ideal situation would see you giving the passwords to someone trained to change them before going into the firing meeting or exit interview. Once the door shuts, they make the changes.
“IT? Party of One?”
Many small and medium-sized enterprises (SMEs) start out with a one-person IT Department. While it is often the only affordable way for new and growing companies, it also means putting all of your tech eggs in one basket. So, even if you’re not considering firing them, you need to have the “hit by a bus” scenario ready. That is, what do you do if your one person becomes unavailable (or is fired)? One way to handle this issue is to employ the services of an external IT consultant. Without giving them direct access to any of your company’s data, you can give them remote access passwords that allow them to reset the essential administrator passwords when asked. Of course, this still requires a large degree of trust. Since they can reset admin passwords, they could take control of the systems. You need to make sure they have access to the systems, but can’t change anything without you knowing.
Plan for the Worst
Get ready for it. Even if the circumstances merit a quick firing, take a breath, assess the situation and move ahead only when you have a carefully considered plan in place. A knee-jerk response will only make an already messy situation messier. So, before you begin the termination process, there are a few questions you will need answered. First, what access do they have to all the company networks and who else has access to them? If nobody else does, you need to add a backup administrator. This is a good time to bring in an outside party to have a look at your networks to see if the soon-to-be-fired employee has left any backdoors that can be used to re-enter your network, to look for potential threats, and to back up critical systems.
Hope for the Best
In most circumstances, you can probably get the information you need just by asking. In the exit interview, ask the departing employee for their passwords and you will likely get them. Just like their phone and laptop, they are company property. During the interview, pass the information on to another IT person to verify. Then, even if you believe the fired employee to be professional about things, have another IT person lock down the system and force a company-wide password reset. This ensures the fired employee can’t log on to your systems with a different user’s ID and password. Better safe than sorry.
What if They Say No?
There is the chance that a disgruntled employee, about to be fired, will refuse to give you the passwords. The worry here is that they could commit sabotage before the passwords can be changed. So shut the networks down immediately and have an outside IT consultant come in and change the passwords. The outgoing employee can’t prevent you from changing the passwords. They can only inconvenience you with the downtime it will take to change the passwords manually. While you’re at it, make sure you change ALL the passwords, not just the networks and servers. It’s also important to note that, in your plan to fire this employee, it’s a good idea to have their replacement in place ahead of time to make the transition as seamless as possible.
Really Bad? Call in the “White Hats”
If you believe you have an IT Systems Administrator that has gone totally off the rails, that you are sure has malicious intent, you are going to need to put some serious time into preparing to fire them. You’re going to need to bring in the experts. You’re going to need to bring in the “White Hat hackers.” Techopedia.com defines White Hat hackers as, “computer security specialists who break into protected systems and networks to test and assess their security.” We have a few Nerds who fit that mold. These guys know what to look for. Of course, they’ll have to do the looking when the sys admin isn’t around, preferably on vacation. If it comes down to it, you may have to send him on vacation. One of the things the white hats should look for with the culprit out of the way is dead man scripts. These are scripts, or viruses, your rogue IT pro has written and left behind that can wreak serious havoc on your data center. Each script can be remotely activated to shut down different networks, services, and devices. The white hats should also be on the lookout for trip wires and backdoor accounts. Backdoor accounts are essentially portals that let the fired employee gain access to systems through different devices. If a white hat looks for these things and doesn’t find any, it is likely there are none there. While you’re searching around for any bad stuff a malicious sysadmin might have left behind, it is also a good time to perform a disaster recovery trial to make sure all backups are working properly so if you lose data to a malicious attack, you know you can get it back. Many Managed Services Providers, including Nerds On Site, will perform free Network & Security Assessments to help you identify any issues.
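The backdoor-account search described above, combined with the earlier advice to check that the administrator accounts in your password safe still exist and still have the right access, can be run as a reconciliation. This is an added example, not code from the original article: it assumes a Linux host, and the account names, the approved list and the admin group names are all constructed for illustration.

```python
# Added example: reconcile privileged Linux accounts against the approved inventory.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001::/home/svc_backup:/bin/bash
toor:x:0:0::/root:/bin/bash
"""  # constructed sample of /etc/passwd

GROUP = """\
root:x:0:
sudo:x:27:alice,svc_backup
users:x:100:alice
"""  # constructed sample of /etc/group

# Hypothetical inventory: the admin accounts recorded in the password safe.
APPROVED_ADMINS = {"root", "alice", "breakglass"}
ADMIN_GROUPS = {"sudo", "wheel", "adm"}  # assumption: groups that grant admin rights

def privileged_accounts(passwd_text, group_text):
    """Return {account: [reasons]} for every account with admin-level access."""
    found = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # skip malformed lines
        if fields[2] == "0":  # any account with UID 0 is effectively root
            found.setdefault(fields[0], []).append("uid 0")
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or fields[0] not in ADMIN_GROUPS:
            continue
        for member in filter(None, fields[3].split(",")):
            found.setdefault(member, []).append("member of " + fields[0])
    return found

def reconcile(found, approved):
    """Return (unapproved admin accounts, approved accounts that are missing)."""
    unapproved = {n: r for n, r in found.items() if n not in approved}
    missing = sorted(approved - set(found))
    return unapproved, missing

if __name__ == "__main__":
    unapproved, missing = reconcile(privileged_accounts(PASSWD, GROUP), APPROVED_ADMINS)
    for name, reasons in sorted(unapproved.items()):
        print(f"REVIEW {name}: {', '.join(reasons)}")
    for name in missing:
        print(f"MISSING approved account: {name}")
```

This only covers UID 0 and listed group membership; accounts that get admin rights through their primary group, sudoers files or SSH keys need separate checks.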
Please Join Us in the Boardroom
The exit interview should also be well planned. While it is useful to have Human Resources personnel at the meeting, the firing should be done by the employee’s direct manager. Depending on the volatility of the employee, you might want to have security nearby. Opinions vary on the best time to fire someone. Most people agree it should not be done on a Friday. Doing it at the beginning of the week, on a Monday for example, gives you the weekend to prepare, to back up files, cut off access to networks, etc. We suggest doing it at the beginning of the day. There are likely fewer people around and it stops you having to stew about it all day. During the meeting, it is alright to show a level of compassion, but do not get too emotional, and definitely don’t get angry. Make sure your language is clear and that there can be no doubt that employment is being terminated. Have a termination letter drafted and signed by the manager ahead of time. Encourage the employee to have someone, a lawyer, look it over before they sign it back, but give them a deadline to do so. Have a checklist of all company property that needs to be returned – cell phones, laptops, keys, etc. – and make sure you get it all back before the fired employee leaves the building. This meeting is also a good time to remind them of any confidentiality agreements they are bound by. The key is to be professional and afford the terminated employee as much dignity as possible. That’s our best Nerd’s advice. Visit the Canadian HR Reporter for a more comprehensive list of best practices for firing an employee.
What About Who’s Left?
The dismissal of any employee can have an unsettling effect on the entire company, no matter what the size. First, it is important to let everyone know that the employee has been fired. This can sometimes make other employees nervous, giving them an “am I next?” feeling, so management needs to act quickly to settle things down. They need to be as open as they can be. If they can’t be completely transparent about the reason, they at least need to communicate that there was a reason and that it was not just some arbitrary decision. On the other hand, staff might have seen it coming and welcome the removal of a workplace headache. Either way, everyone needs to be assured that the decision will lead to a more positive environment moving forward. In addition to the other employees, it’s important to let any vendors or suppliers that your former IT pro worked with know that person is no longer with the company.
Not Your Average Dismissal
It’s easy to see that firing an IT professional, whether it is your one-person show or your Director or Systems Administrator, comes with a whole set of unique issues. After all, these are the people who hold “the keys to the Kingdom”, and these keys give them the power to do real damage to your data centers if they have malicious intent. When it comes time to part ways for whatever reason, it is essential that you have a plan in place. Often this plan will involve using outside IT professionals or consultants. Nerds On Site would be happy to give you a hand through this difficult time. Give us a call to set up a free Network & Security Assessment.