Have you ever thought about what would happen to your mission-critical systems if you had to fire an IT staffer or, worse, a senior IT employee? Or what if that person finds a better offer and jumps ship? Because how you fire an IT person is as important as why you are doing the deed, if not more so, making changes in technical personnel can be a real pain in the neck. But planning for potential technology and manpower problems can ease you through the tough times.
According to Tony Abena, COO of high tech career resource center techies.com (www.techies.com, obviously), problems can often be avoided altogether by maintaining a solid understanding of where your employees stand. “Staying on top of issues in the workplace can give you a real advantage,” he said.
But sometimes keeping up with the times isn't enough. The IT market is still a dog-eat-dog arena; as such, your competition would be happy to relieve you of your IT director or senior database administrator. They'll offer higher salaries and more desirable benefits, and before you know it, your SQL pro has left you SOL. It's nothing personal; just business.
The most accessible contingency plans for this are cross-training and subordinate skill development. The former involves making Team X ready to step in and handle part of Team Y's workload when it loses a member; the latter refers to developing additional skill sets in the IT director's assistant, and in that person's assistant, if necessary. And you should assume it will become so. “Never be without a subordinate who can take over,” Abena said.
But sometimes there's no choice. You might just have to call in the contractors and consultants. It could be pricey, but it beats not having access to the company intranet, for example.
In any case, according to Abena, it all boils down to human capital management.
Sacked, Canned, Downsized, 86ed, Axed, Shown the Door, Pink-Slipped…
In the IT world, two main reasons for letting techies go are poor performance and replacement by software or redundant processes.
When the dreaded time comes, Abena suggests using the human resources department as a strategic pink-slip partner. He explained that HR can help out with advice and logistics, such as separation paperwork, vacation settlements, and release forms to be used immediately upon firing. While you're at it, Abena said, try to schedule the firing for the end of the day, and provide options for outplacement, if possible. “By offering outplacement options, you minimize the negative aspects of the situation,” he noted.
But if poor performance is the issue, you need to take steps to make the firing go more smoothly. In this case, Abena suggests being clear and making sure solid reasons are given for the firing, backed up by 30 to 60 days' worth of documentation. “This will give the idea that you've given lots of thought to firing the person,” Abena said, “which is important because in the professional community, especially IT, everyone communicates, so you have to worry about your reputation.”
After providing the necessary paperwork, Abena recommends either escorting the former employee out of the building (security optional) and having associates pack the person's belongings, or having people supervise while the recently terminated employee packs up. All the while, Abena stresses acting fairly and being honest. “Firing is about the employee,” he said.
Take him seriously. Unless you live in a state with at-will laws, you may run the risk of lawsuit for wrongful termination. To avoid potential legal headaches, the best course of action when firing senior IT people, according to Abena, is to have all related directors and senior managers present throughout the process.
Now, when it comes to squeezing out very senior people (CIOs and the like), personal discussions about the situation over a short period of time are in order, Abena said. He suggests giving the person a chance to resign if the situation isn't of a grave nature. “But if it's clear-cut (very poor performance or a law is broken), you can fire them directly.”
The least popular and sometimes most potentially dangerous scenario is the mass layoff. If you're letting go, say, 20 employees at once, Abena strongly encourages a noticeable security presence offset by cooperative professionals still on the job. “Encourage other employees to be part of the process; they can help clean up, pack, carry boxes, and so on,” he said. “This can help defuse a possibly tense situation.”
Get IT Together
Systems analyst Tom Noble has seen his fair share of IT professionals come and go. But he'll never forget the one who stole company secrets on his way out. Noble said the former worker was a trusted member of the staff and was responsible for security-sensitive functions including performing backups. The terminated employee made off with lots of proprietary information, including financial statements, and left the files behind on disk for a co-worker.
While Noble said there was no real way to prove the former employee performed the act, the disk in question stored the documents in a password-protected Zip file. According to Noble, the co-worker knew the password. In response, the company enacted a policy to attach passwords to such documents.
“There's no real way to prevent this from happening when an employee has access to the backups,” Noble explained. “Secure your own files and documents so trusted people with high level access can't dig into anything they shouldn't.”
Noble said that while common sense dictates changing passwords and shuffling admin accounts, sometimes even the companies most conscious of post-firing security overlook restricting physical access; instead, many IT departments concentrate on locking the person out of the network and mail systems before they return to their desks to pack.
“Physical access to facilities is more dangerous than network access,” Noble said. “No matter what, if you have physical access to machines, you can get into the system; it's just a matter of time.”
To make sure you find a suitable replacement, instead of another square peg for the round hole, Noble recommends looking into consultants or contractors to fill the gap, thus allowing you time to recruit a good fit.
But it's hard to bring in a contractor to fill in for very senior IT people. If the CIO has got to go, Noble suggests planning the firing by breaking up the CIO's responsibilities and delegating them through the ranks. Then, discuss the CIO's access points and passwords and how to secure them. Finally, determine where and how the CIO has stored sensitive documents relevant to his job, and secure those, too.
No matter how you go about it, and even if the situation involves an IT person quitting and giving two weeks' notice, Noble said you must act quickly. “If you know they're leaving, you have to close them out of all systems immediately, because you can never know what they'll do in the time they have left.”
Pink Slip Protection
Ten steps to tamper-proof your systems when you give the bad news:
- Disable all related user profiles and accounts
- Detach all network connections (i.e., at the cubicle)
- Image the user's hard drive for backup
- Change all administrator passwords
- Shuffle and change security accounts
- Reconfigure remote access
- Give close associates new passwords
- Search for recently modified documents
- Wipe the user's hard drive
- For the sake of convenience, have all user e-mail forwarded
These steps should be implemented when you've decided to fire the employee. By proactively closing means of access, you further ensure system stability as the system expert leaves the building.
Getting Even
Under the condition of anonymity, a security-savvy IT professional (we'll call him John Dough) explained ways a disgruntled tech worker might put the screws to his employer.
For example, word gets out that John Q. Public, a senior IT staffer at the Any Company, is going to be fired. He hears about it and begins plotting.
By using a separate computer on an analog phone line, he is able to circumvent primary security functions and avoid monitoring as he adds users to the system's privileged groups (e.g., administrative or power user groups). From there, he quietly installs timed mechanisms to launch destructive applications weeks or months after he's gone. Or, he could deploy applications that capture keystrokes, install self-launching viruses, or embed date-sensitive programs that delete everything at once.
“In this situation, the person will look for system access through remote offices, dialup points, and remote Web sites,” Dough said. “Potential problems can be avoided by having off-site backup; that way you'll always have the data.”
Dough explained that most companies are insured against attacks of this nature, and most should perform upwards of two weeks of post-firing security audits. Why? According to John Dough, the worst hacks can leave two to three days of complete system downtime, especially if the malicious acts are performed just before daily or monthly backups. He said full-force attacks can cost companies hundreds of thousands of dollars in repairs.
The most common hacks, according to Dough, are deleting essential files, setting up servers to fail upon reboot, and infecting systems with fast-acting viruses. Many of these so-called “small-time jobs” can be prevented by ensuring your systems do not rely on individual user accounts. That means never having critical functions tied to specific users.
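The post-firing audit and the "no critical functions tied to specific users" rule can be checked mechanically. The sketch below is an added example, not code from the article or from anyone quoted in it: it assumes Unix-style `/etc/group` and `/etc/crontab` text, a saved baseline snapshot of the group file, and constructed sample data in which `jpublic` is the departing account.

```python
# Added example: post-termination audit over constructed sample data.
PRIVILEGED = {"root", "wheel", "sudo", "adm"}  # assumption: site-specific list

def parse_group(text):
    """Parse /etc/group-style text into {group: set(members)}."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 4 or line.lstrip().startswith("#"):
            continue  # skip comments and malformed lines rather than guess
        groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups

def privileged_additions(baseline_text, current_text, privileged=PRIVILEGED):
    """Return {group: [members added since the baseline snapshot]}."""
    before, after = parse_group(baseline_text), parse_group(current_text)
    drift = {}
    for group in sorted(set(privileged) & set(after)):
        added = after[group] - before.get(group, set())
        if added:
            drift[group] = sorted(added)
    return drift

def jobs_run_as(crontab_text, user):
    """Return commands in /etc/crontab-style text that run as `user`."""
    hits = []
    for line in crontab_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or "=" in parts[0]:
            continue  # blank line, comment, or VAR=value setting
        skip = 1 if parts[0].startswith("@") else 5  # @reboot vs. 5 time fields
        if len(parts) > skip + 1 and parts[skip] == user:
            hits.append(" ".join(parts[skip + 1:]))
    return hits

# Constructed sample data (not from the article); "jpublic" is the leaver.
BASELINE_GROUP = "root:x:0:\nwheel:x:10:alice\nadm:x:4:alice,backupsvc\n"
CURRENT_GROUP = "root:x:0:\nwheel:x:10:alice,jpublic,tmpadm\nadm:x:4:alice,backupsvc\n"
CRONTAB = """SHELL=/bin/sh
# m h dom mon dow user command
30 2 * * * jpublic /usr/local/bin/nightly-backup.sh
0 4 * * 0 root /usr/sbin/logrotate /etc/logrotate.conf
@reboot jpublic /home/jpublic/bin/start-sync
"""

if __name__ == "__main__":
    print("privileged additions:", privileged_additions(BASELINE_GROUP, CURRENT_GROUP))
    print("jobs tied to leaver:", jobs_run_as(CRONTAB, "jpublic"))
```

Any job reported for the leaver needs a new owner before the account is disabled, and any unexplained privileged addition should be traced to a change record.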
A more thuggish, and simpler, approach to system destruction is the use of magnets. Large magnets, similar to those found in loudspeakers, can simply be placed on servers, leaving them confused, weakened, or ruined altogether.
Meanwhile, a more exotic route to total e-chaos is the EMP (electromagnetic pulse) generator. In this case, the guy you just fired goes home, places a few orders from a scientific catalog, and builds a conduit for emitting high-energy blasts of electromagnetic energy. He loads the unit into the trunk of his car, drives to the corporate HQ, takes aim, and delivers permanent drought to your server farm. (Technology Decisions strongly discourages this practice.)
The solution to all of this: Hone your human capital management skills.