When an employee leaves a company either voluntarily or involuntary, the business must have the processes and procedures in place to immediately revoke access to information resources. This isn’t a new concept in the information security realm but it is something that is often applied lackadaisically in organizations. With the cost of breaches rising, leaving doors open for potentially disgruntled ex-employees can be a costly mistake for your business. Just as you provide access to new employees, you must be ready to remove access when an employee separates.
The article snip below is a recent addition to the “should have known better” club:
The ex-employee, Dong Chul Shin, was fired from the company March 3 for performance reasons, and escorted off the premises, according to court records. But the company failed to immediately shut off his VPN access. That afternoon, someone using Shin’s account began logging onto the corporate network, e-mailing out proprietary data to a personal Yahoo account linked to Shin, and modifying and deleting files, according to a search warrant affidavit by the Dallas FBI agent Robert Smith.
Poulsen, Keven. “Ex-Employee Fingered in Texas Power Company Hack.” WIRED 29 May 2009.
http://www.wired.com/threatlevel/2009/05/efh/
You know so many interesting infomation. You might be very wise. I like such people. Don’t top writing.