This month’s column is a joint article between Ken May of Swift Chip and John Troxel of Verdict Resources, Inc. (http://verdict.net).
We’ve all experienced a major IT issue that impacted our business, and they’re a pain. We can safely say that it is worth $500 or more to ensure we don’t have THAT happen again. It is simply a fact of life that transitions in IT staffing or vendors need to happen sometimes. When considering the damage that the Director of I.T. (IT Guy, or contracted IT Service) can do through lack of cooperation, or outright interference, we’d probably pay a lot more. If one were to identify someone in a position to do the most damage, wreak the most havoc, and cause the greatest number of headaches, it would be tough to find that person outside the I.T. Department. The IT Guy holds the keys to the kingdom, so at the very least, basic logistics for how the system operates could be problematic to overcome; but the worst-case (and very possible) scenario is the potential for sabotage. Below are a few steps to consider when you have decided to make that change, with the obvious assumption that legal counsel is read in on the situation.
1 - Get an IT audit
IT audits are performed by third-party IT support companies that will help identify vulnerabilities, show all the passwords, discover network architecture, etc. The goal is not an in-depth review of everything IT, but rather to limit the IT Guy’s ability to cause damage. The IT Guy can be advised that a new insurance policy requires the IT audit. Go over the results of the audit to make sure no critical systems were left out.
2 - Have a transition plan in place
Emotions can run high, and you may be tempted to just cut the person loose as soon as possible. Ideally, you want to make sure you have another person or company in place to take over the role well before the person is removed from their role.
3 - Have a meeting
Invite the IT Guy into an office for a meeting, and while he is in there, have the third-party IT company go and change all necessary passwords, permissions, etc., with his email password being changed last (so he doesn’t notice his email suddenly not working). The key is to protect proprietary information and mission-critical data that will allow the network to function and the data to remain intact.
4 - Secure IT
If he has a company phone, put it in a Faraday bag to prevent remote wiping. Disconnect (air gap) his computer from the network and image it, as no assumptions should be made that he shared all the secrets during the IT audit. Don’t turn it off: we might want to copy information residing in memory, and he may have encryption in place that would otherwise make recovery impossible.