Work with HR to prevent data damage and downtime from disgruntled ex-employees

Here’s another example of why HR and IT need to be a team when it comes to the unfortunate situation of letting someone go.

Christopher Victor Grupe worked as an IT professional for Canadian Pacific Railway (CPR), a transcontinental railroad based in Alberta, Canada. Grupe got into an altercation with his boss and, after a suspension, was asked to resign. He said he’d bring back his company-issued devices and access cards the next day.

Even though Grupe kept his word and returned his computer and access key cards, it became apparent that he had sabotaged several areas of data in the process. Grupe accessed the company’s switches and removed admin account access, changed passwords for users and deleted log files.

After that, Grupe wiped the laptop and returned it. To recover from the damage, CPR had to reset the switches and admin accounts, and the company experienced outages.

Now, what Grupe did was illegal and a judge sided with CPR in court, but the damage happened back in 2015 and the case only wrapped up this past week. That’s two years of an expensive legal fight between ex-employee and company that could have been prevented with a strongly enforced firing policy.

And this isn’t the only case of its kind.

Recently, a user asked an online technology forum what to do when an ex-employee holds G-Suite data hostage after being fired. The previous system administrator in this case removed all other admin access, used a backup email to retrieve the company’s attempt at resetting the password from Google, and gained full access to the company’s data and communication channels.

And, in another case, a disgruntled ex-employee at an online college held the only administrative access to the college’s Gmail account. When he went, the access went with him, and in order to restore it he demanded $200k.

In both cases, the ex-employees were running afoul of several laws, but the fact remains that the downtime caused by these disruptions irritates your users and costs business revenue while you try to wrest control back from the ex-employee. Google can be a resource in these cases, but the tech giant is leery of security breaches and doesn’t readily hand over new keys without several authentication hoops to jump through.

The best scenario is to work with HR and have several hours’ notice of when IT staff and users are leaving the company, so their access can be revoked without incident.