It’s probably not too hard to imagine: a recently fired and fully disgruntled former employee has hacked into the company’s network, downloading precious personnel records of other employees and crashing servers as retribution for being let go. What can the company do?
Cleve Clinton of Gray Reed & McGraw has some advice on how to respond and what to do to prevent it from occurring in the first place:
- Tell Your Employees ASAP: The company is “almost certainly responsible for the loss of their sensitive personal information,” so notify the staff immediately, explains Clinton.
- If Possible, Access the Former Employee’s Former Email Account: There’s an argument to be made under the Electronic Communications Act, which regulates private individuals and businesses, that employees have the right to privacy in their emails, but the same law can be used to argue employers have the right to monitor these emails. The best course of action is to follow whatever policy is set out in the employee handbook when gathering evidence from the company’s email servers.
- Practice Practical Prevention: Aside from treating potentially resentful and disgruntled employees in a fair and benevolent way, there are some steps to be taken to prevent a situation like this from occurring in the first place, says Clinton. These include creating an IT policy for Web use and monitoring with a content-filtering system, limiting access to social networking sites, requiring separate and regular password changes for each employee, and auditing computer files for irregular user access.
