Guarding Against The 'Inside Job': Page 2
If an employee is authorized to stay during the resignation period, perceived mistreatment by supervisors can lead to a more vindictive attitude by the departing employee. Whether there has been longstanding disagreement, or the supervisor takes the resignation as a personal affront, it may cause the departing employee to have less than charitable thoughts toward the organization.
Management should know the working atmosphere of their direct reports and the next lower level. Such knowledge helps to determine whether personal dynamics risk company assets. An early exit interview will provide insight to the situation. It may need an adjusted working arrangement, or the employee may be willing to sign a waiver for an early departure.
Whatever works best should be used. There is no reason to give the employee the reason and the opportunity to take advantage of continued access.
The soon-to-be ex-employee is a much harder dilemma. If we go back to the issue of supervisor-employee compatibility, we can identify some individuals who may be at risk for security violations as they leave the company.
Not all employees who leave due to disagreement are looking to rip off the company. And not all employees who have longstanding disagreements are looking to leave the company.
However, if you have an employee who is clearly disgruntled with every aspect of his or her corporate life, you should be prepared to have a discussion outside the performance evaluation arena to determine what the issues are, and whether they might lead to a security breach. If this conversation is held during the evaluation process, its less likely the employee will be forthcoming about difficulties with co-workers.
As I said earlier, managers at all levels needs to be aware of these interactions to identify potential problem areas. Human resources and policy dictate much of what supervisors and managers can do in this area. You should be familiar with your policy, and use it as a tool in identifying areas that may lead to security incidents.
On Wednesday, September 27, I will be discussing these and other types of personnel who might pose a security threat to your company from the inside. Join me as I explore the qualities that make an internal hacker unique. Well also look at principles you can put into action to minimize your risk in this area.