How to Secure Sensitive Data Before a Layoff Occurs

By Gregory Shapiro  |  Posted 2009-06-02 Print this article Print

Over the past six months, many of us have become desensitized to the staggering number and size of layoffs that continue to occur almost daily. But the reality for the IT industry is that layoffs have a different effect on those of us in the industry whose mission it is to protect the company's reputation, intellectual property, confidential data (both electronic and hard copy) and business operations. Knowledge Center contributor Gregory Shapiro outlines seven steps IT professionals can take to protect their company's data before a layoff is implemented.

Unlike individual employee terminations, which are customarily unannounced and immediate, layoffs present a larger threat to corporations because they leave the door open to both intentional and unintentional data loss, leakage and integrity problems. When employees sense impending layoffs or are told in advance and kept on for a limited time to transition, that is when rumors and panic consume the employees. It's then that the company's sensitive data can be compromised.

For this reason, the strategy for any corporation planning a layoff should include setting policies and making sure practices are in place to secure their sensitive data now.

Steps to protect company data before a layoff is implemented

Step No. 1: Create a set of policies

Create a set of policies outlining acceptable use, data responsibility and data retention that is shared with and understood by all employees. If you already have these in place, now is the perfect time to revisit and refresh them.

Step No. 2: Implement a standard procedure for employee termination

Implement a standard procedure for employee termination, which includes when and how an employee's network access is terminated, how equipment and data (both hard copy and electronic) is collected, and how access privileges are assigned for any transitional period.

Step No. 3: Maintain an up-to-date auditing of your company's data

Maintain an up-to-date auditing of where your company's data is stored, who has access to that data, who can administer permissions or configurations on servers, and how data is backed up. If possible, use software tools or policy-enforced procedures that provide an audit log of data access and modification.

Most document management systems can provide a log of both file retrieval and per-user changes. Knowing what content and access permissions each employee is granted greatly impacts your ability to secure and collect that information when the time comes.

Gregory Shapiro is Vice President and Chief Technology Officer at Sendmail. In his tenure at Sendmail, Gregory has held prominent roles in the engineering, IT and business development departments. After four years of leading Sendmail's products in production, Gregory returned to improving those solutions, first in the business development group researching and evaluating partner products and most recently as the engineering group's chief architect. Prior to Sendmail, Gregory began his professional career as a systems administrator for Worcester Polytechnic Institute (WPI) after graduating from WPI with a degree in Computer Science in 1992. Gregory is a FreeBSD committer, has served as program committee member for BSDCon 2002 and program chairman for BSDCon 2003. In addition, he has contributed to the past three editions of the O'Reilly Sendmail book. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel