Many thanks to our associate Justin Root for referring this article which again highlights the risks to a company’s computer system posed by disgruntled employees. (Previously, we reported on the vulnerability from disgruntled employees of personal information contained in human resources records.)
Last week, a contractor at Fannie Mae was indicted under the Computer Fraud and Abuse Act for burying a malicious code in an otherwise legitimate computer script after having been fired earlier in the day. Unfortunately, according to the FBI’s affidavit in support of the indictment, Fannie Mae did not require the contractor to turn in his badge or his laptop or terminate his network access until more than two hours after his termination. The FBI’s affidavit goes on to allege that "had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced if not shutdown operations at [Fannie Mae] for at least one week."
While employers certainly want to be sure to treat terminated employees with dignity on their way out the door, this incident underscores the need also to be sure, once the termination decision has been made and communicated, to immediately take all necessary action to eliminate the employee’s computer and other systems or premises access that might give the terminated employee the ability to cause widespread damage before he or she is gone.