Tactical Advice

When Ex-Employees Attack: How IT Should Respond

An IT worker shares his horrifying experience after a former coworker wreaked havoc through a deactivated Exchange account.
When Ex-Employees Attack: How IT Should Respond

As unfortunate as it is, there are times when employees and employers may part ways on less than amicable terms. Whether it’s a firing or a layoff, an unexpected dismissal is an instant recipe for hurt feelings, tense emotions and in some cases, vengeance.

Jay6111 warns his fellow IT pros of the dangers of not setting up a thorough data protection and authentication deactivation plan for dismissed employees in an article for the Spiceworks Community.

In his case, a recently dismissed employee was still able to access his e-mail account and send out damaging and embarrassing information about the CEO’s wife, as well as confidential information to competitors.

Read the tale in Jay’s own words below:

The day started something like this: A ticket comes across for deactivation of an employee. Let’s call him Ezekiel. Nothing new. I do all my checks to make sure Ezekiel was disabled in AD, blah, blah, blah — you know the routine. An hour later, my boss calls me down to the CEO’s office. He heads me off at the door.

Boss: “You disabled Ezekiel’s account, RIGHT?”

Me: “Of course. Why? What’s going on?”

He moves aside so I can enter the office where I see a room full of top executives, all displaying angry red faces, clutching several printed out documents.

Me: “Hey, everyone. What’s up?” (My voice comes out sounding like Alfalfa’s from “The Little Rascals.”)

Exec 1: “THIS is what’s up,” he says, throwing a small stack of papers into my chest.

A quick glance and I can tell the papers are printouts of emails directed to several inside and outside partners describing, in detail, certain actions of the CEO’s wife, along with proprietary information about the company. I check the sender. To my surprise, its Ezekiel, the very same user I disabled not more than two hours ago.

Boss: “Check the timestamp! Have we been hacked?” he asks, pointing to the top of the paper.

The timestamp showed it was sent out 15 minutes ago, which by everything I was ever taught or knew about being a Systems/Network Administrator was impossible… Or was it? From here, it’s just a bunch of raised voices yelling and talking over one another for the next 10 minutes with all eyes on me while I slowly back myself into a corner cowering like a beaten dog. I don’t have any answers for them but assure them I will get to the bottom of this as I walk out with my tail between my legs.

This happened despite the fact that Jay had deactivated the user’s Exchange account with Active Directory. Why? Because while the account is instantly disabled on the LAN, Microsoft allows access through Outlook Web Access for 15 minutes after the account is disabled. Again, Jay explains:

So, why 15 minutes — why don’t we just lower it? There’s a reason to the madness. Each time a user logs into OWA, it creates a storm of ASP packets to the server for authentication along with other things. This isn’t so bad if it’s only happening every 15 minutes, but lower this setting in a larger organization, and your phone starts ringing from users complaining about performance on Exchange or frequent disconnect notices. Microsoft chose 15 minutes as the happy medium between performance and security.

This episode is a valuable lesson to all IT workers. Coordination with stakeholders and the human resources department is critical to avoid data loss and embarrassing scenarios like Jay’s. That could mean establishing a set time window for disabling to-be-dismissed employee accounts or blocking Outlook Web Access for that specific user days before.

For more on this story, read the full account on the Spiceworks Community blog.

Sign up for our e-newsletter

About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy. You can learn more by following him on Google+ or Twitter:

Security

Three Ways to Integrate Fire... |
Follow these tips to align the devices with log management and incident tracking systems.
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...