Red Bank, Feb. 2, 2009 /The FraudBlog Newsletter/ - While it isn't easy to do layoffs and it is uncomfortable for most managers to perform; don't let your discomfort be the cause of a potential hack or malware attack from a disgruntled employee.
As ZDNet's Larry Dignan reported, Fannie Mae almost learned the hard way what a disgruntled employee could do to a company. In this case a contractor, who had root access to their servers, was let go recently but his root level access was not removed. This individual planted malware that would have shut down all of their systems. The impact would have been enormous. The following is not intended to be a complete list. It is a starting point for managers to start thinking about protecting their company's exposure in the sensitive area of payments and fraud. If you are letting people go that work in your payments and fraud departments you should consider:
Prior to them being notified - perform an access assessment of the individual: What access did they have to sensitive data? How much do they know about your fraud settings and controls? Are they aware of weak spots in your systems?
When you notify them - perform a formal notification: Remind them of confidentiality agreements and their obligations. Have them sign off on the access assessment. Shut off their access to any corporate systems that have sensitive data or are a part of payment processing.
After they have left - perform audits: Look at anything they may have accessed in the weeks leading up to their departure for signs of abuse, misuse or unauthorized access. In the event of a hack, malware attack or complaint of credit card data breach, you should perform a cursory review of these personnel as part of your investigation.