When firing employees, make sure he's not the only person with the master password

Archived From: Technology
  • Page :
  • 1
  • Text Only
rated:
This is usually something posted in Finance, but I thought what the heck.
Before firing your LAST IT employee, make sure you get all passwords first.

http://www.indystar.com/story/news/2017/01/17/after-his-firing-e...

I post this because I've seen this myself, where a company gets abusive, fires the entire IT staff, then wonders why they won't give up the passwords after being fired.

Member Summary
Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

I hope he gets his 200K as no one will ever hire this guy now!

Haha.  Read that in the newspaper yesterday.  The actual newspaper...

With a name like American College of Education, you would think they have a ton of IT level people on call.

forbin4040 said:   With a name like American College of Education, you would think they have a ton of IT level people on call.
  
It's a for-profit college, so they were likely skimping as much as they could with staffing. 

montee4 said:   I hope he gets his 200K as no one will ever hire this guy now!
  He won't get it.  I just don't see the court side with him and of course, no one will ever hire this guy again.  Sure, he made a point but he will be much worse off for it.
=14pxAbout 12 hours after an IndyStar reporter contacted Google representatives on Friday, the college's attorney, Scott Preston, said the internet company unlocked the account and returned control of the emails and data to the school.

ZenNUTS said:   
montee4 said:   I hope he gets his 200K as no one will ever hire this guy now!
  He won't get it.  I just don't see the court side with him and of course, no one will ever hire this guy again.  Sure, he made a point but he will be much worse off for it.
=14pxAbout 12 hours after an IndyStar reporter contacted Google representatives on Friday, the college's attorney, Scott Preston, said the internet company unlocked the account and returned control of the emails and data to the school.

  darn!  It was a free 200k

Nevermind

The guy is lucky he didn't get arrested and sent to jail, like this other IT admin did:
http://www.forbes.com/sites/ericgoldman/2013/11/04/think-hoardin... 
Terry Childs was principal network engineer for Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. He apparently distrusted his co-workers and sought to make himself unfireable, so he arranged to become the only person with his network's passwords. When he was suspended from his job, he refused to divulge the passwords so that his employer could reassume control over its network...

For taking these steps, Childs was convicted of violating California's state computer crime law (California Penal Code Sec. 502(c)(5)), which criminalizes taking an action that "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." He was sentenced to four years in prison and ordered to pay nearly $1.5 million in restitution, the bulk of which compensates the employer for its post-firing efforts to find and fix Childs' backdoors.

I don't see where he got paid. This guy is a moron on so many different levels.

marsilies said:   The guy is lucky he didn't get arrested and sent to jail, like this other IT admin did:
http://www.forbes.com/sites/ericgoldman/2013/11/04/think-hoardin... 
Terry Childs was principal network engineer for Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. He apparently distrusted his co-workers and sought to make himself unfireable, so he arranged to become the only person with his network's passwords. When he was suspended from his job, he refused to divulge the passwords so that his employer could reassume control over its network...

For taking these steps, Childs was convicted of violating California's state computer crime law (California Penal Code Sec. 502(c)(5)), which criminalizes taking an action that "knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network." He was sentenced to four years in prison and ordered to pay nearly $1.5 million in restitution, the bulk of which compensates the employer for its post-firing efforts to find and fix Childs' backdoors.


  That guy did it to the government.  And he held the passwords exclusively.

The guy in my posting worked for a private company and they fired him, without training a replacement.  Technically he had all the right to walk away.  And since he was probably paid $20/hr he decided to go for broke.  Wonder why Google caved (Maybe they didn't want the story to become a national headline)

forbin4040 said:   Wonder why Google caved (Maybe they didn't want the story to become a national headline)
 If it was G Suite, the email addresses likely had a custom domain name, such as @ace.edu . The school could probably prove they control the domain, and those prove they're the rightful owners.

https://support.google.com/a/answer/47283
When using Google Cloud services, you might need to add a CNAME record to your domain's DNS settings to customize a web address, verify domain ownership, or reset your administrator password..

It's school's property and they only need to provide adequate proof to Goggle. This entire episode reads likes a segment of daytime talk show and no one looks good in it.

His response was actually brilliant. He never once said he wouldn't give up the password. "I forget", is the most secure answer you can give and can't really be challenged. The 200k is merely a consulting fee for him to "help get back in." He very carefully never said "Pay up, and i'll give you the password." He's walking in a minefield, but so far carefully said all the right things in the right way. Like everyone has said, it's really a non-issue if the school isn't completely clueless. Google will easily reset the password.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017