Before you fire an IT employee, especially one with network privileges, prepare for the worst Valrene Mae Schilke is every IT manager’s worst nightmare. A trusted CFO friend of mine recently forwarded an alert newsletter from the law firm Kirkpatrick & Lockhart Nicholson Graham (K&LNG) outlining a legal case involving Ms. Schilke, and the details sent chills down my spine. Just a few weeks ago, the Michigan Court of Appeals considered an appeal on her “unauthorized use of a computer” conviction, which was the result of an employment termination that went wrong.As a “technical analyst,” Schilke had the highest level of administrative access to key systems, which allowed her to add and delete files and change user permissions, among other superuser privileges. Her company had also provided her with VPN access to the corporate network. When her company decided to fire her, her supervisor and the HR director approached her desk to notify her. On hearing the bad news, she began typing on her computer and refused to stop. The HR director and supervisor left to find someone to disconnect her computer, but they came back to a worse situation: a barricaded office.Getting Schilke to leave the premises eventually required a call to the police, but the damage was done. To make matters worse, Schilke had changed the superuser password that would allow others to terminate her access to the network, so she continued her malicious actions via VPN from home. In the end, her employer estimated losses of almost $60,000 in revenue and system restoration expenses as a result of Schilke’s actions. Having been through the unpleasantness of terminations myself, I have a few tactical pointers for IT managers in touchy situations like the one mentioned above. Although you often can’t avoid the anger of an employee who has just been terminated, you can protect your company against potential IT damage. To do this, IT managers have to maintain strong relationships with the HR department and make sure part of the termination process includes notifying the appropriate IT operations staff so they can jointly plan with HR and rehearse the termination of IT privileges. When planning, HR and IT must consider worst-case scenarios and outline the specific steps required to avoid them.In Schilke’s case, she was an IT employee with unique superuser access to key systems, a situation that presents serious logistical challenges, demanding more than one trusted IT staffer with superuser privileges, plus the ability to terminate those privileges. More importantly, that staffer needs to be able to take the necessary steps to terminate privileges within a few minutes — or faster if at all possible.I had to terminate someone with privileges like Schilke’s once, and although it was nerve-wracking, the coordination with HR and the rehearsal with my trusted IT superuser paid off. I asked the trusted IT staffer to log in as superuser to all key systems before I called the employee into my office. As soon as he saw the employee moving toward my office, he was to run a preprogrammed script to kill the employee’s log-in shells and begin changing passwords. For further safety, I asked my trusted IT staffer to disconnect the employee’s cube from the network in the patch panel. In the end, the terminated employee slammed his telephone handset on his desk and broke it, but we were spared further damage. A damaged phone is a lot better than $60,000. SecurityTechnology Industry