Letting People Go Securely
This editorial was originally published on Mar 15, 2009. It is being re-run as Steve is away on the 2013 SQL in the City tour.
The world economy appears to be in shambles, with many companies cutting back in all facets of their business. We hear regularly in the US that people are being let go from their jobs as positions are trimmed and companies look to save money.
When someone is let go, typically they are asked to leave the premises on the day. I’ve seen escorts that walked people out or watched them pack up. In some extreme cases I’ve seen people escorted out the door while another employer packed their things and brought them out. For IT workers, it’s a little different since they often have privileged access to systems. In addition to removing their personal belongings, having an IT worker leave means that passwords and possibly accounts need to be changed to ensure that the company is safe.
However when someone resigns and gives their two weeks’ notice, I often see that many people are expected to work their final two weeks, brain dump their knowledge to others, perform documentation, or even continue doing their job. In all of the positions I’ve resigned from I’ve worked out my time, even doing some last minute SQL Server development on a Friday afternoon, my final day of work, with plans to leave town the next morning for a new job.
There was only one place that I worked with a different policy. In that company, if someone with above normal privileges, which included upper management and IT administrators, they were escorted out of the building immediately if they gave notice to terminate their employment. That surprised me, but I understood it. People were paid for their two weeks notice, but management didn’t want anyone to have access to company funds or systems if they planned on leaving. I saw an article recently that provides some justification for this, with a survey showing 59% of people leaving a company steal data.
On the surface this makes sense, but does this help prevent data loss? I don’t think so. What happens is that employees that are likely to steal data will just take the data before they give their notice. You haven’t changed their behavior, but by not allowing them to work out their notice, you punish the remaining employees who have to suddenly pick up work from their ex-colleague.
There isn’t a good way to protect data from employees that want to steal it. But you can put in place auditing, and smarter systems that allow monitoring and auditing of your systems. They won’t prevent issues, but hopefully they’ll allow you to detect and respond to them.
The Voice of the DBA Podcasts
The podcast feeds are now available atsqlservercentral.mevio.comto get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.
Today’s podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don’t like, or even send in ideas for the show. If you’d like to comment, post something here. The boss will be sure to read it.