Corporate Outplacement and Career Transition Information

Monday, January 12, 2009

Is Your IT Team Prepared to "Deprovision" Users during a Reduction-in-Force action?

Critical Information for Reduction-in-Force and Layoff Actions

For any organization experiencing a downsizing, a key step on the RIF project checklist is that of "deprovisioning" employees from internal technology systems. This includes revoking username and password access to sensitive, internal company databases including CRMs, employee portals, and intranets.

Moreover, in addition to the employee's personal access data, companies regularly create testing, administrative, and "dummy" accounts for a variety of purposes, and these are available to a wide group of employees.

From a recent article citing industry leader Courian on this subject, a Courian expert explained:

"Employees can accumulate an average of 15 to 20 user accounts over the course of employment and it typically takes an enterprise three to five minutes to manually turn off each account upon termination. Organizations faced with having to terminate hundreds of thousands, or even millions of accounts, may think that simply terminating an employee's network access is sufficient protection."

If significant downsizing effects the IT team as well as the general employee population, an even greater risk is exposed as there is less labor to accomplish the task, and the IT Team is the very group with greatest access to sensitive information.

Laid-off employees can easily exploit the lag time between being laid off and having all of their accounts shut off to access sensitive company information. Even worse, usernames and passwords pertaining to zombie accounts could be shared or even sold to the highest bidder, giving cyber-criminals access to sensitive information without the need for sophisticated hacking techniques.

Additionally, When confronted with the prospect of layoffs, 71 percent of the employees surveyed declared they would definitely take company data with them to their next employer. Top of the list of desirable information is the customer and contact databases, with plans and proposals, product information, and access/password codes all proving popular choices, the study says.

For enterprise-level organizations, to manually deprovision thousands of accounts - assuming an average of three minutes per account - would require tens of thousands of labor hours. During the lag time in turning off accounts, the organization would be an easy target for data theft.

In a recent Cisco-sponsored survey of 2,000 employees and IT professionals, the responses showed that one in 10 end-users had either stolen technology, accessed someone else's computer, stolen information and sold it, or knew of co-workers who did.

To receive more information or schedule an off-site RIF Planning Workshop, contact Karen Masullo toll-free at 866-214-5445 or write to

Click Here