Virus Code.jpgA disgruntled former Gucci employee is reported to have caused in excess of $200,000 in damages to his former employer (as reported by Computer World) and now faces criminal charges.

Specifically, the New York District Attorney’s indictment alleges that Sam Chihlung Yin fraudulently obtained IT access after he was fired. From there, the indictment alleges that Mr. Yin used his inside-knowledge of the Gucci IT infrastructure to cause damage that included deleting data, shutting down servers and leaving Gucci with an estimated $200,000 cleanup bill.

What Employers Should Take Away from this Incident

For Gucci, this incident is an expensive reminder of why it is critical to have a termination checklist that should be followed once a decision has been made to terminate an employee, especially an IT employee. For employers looking to avoid Gucci’s mistake, a non-exhaustive checklist to consider includes the following:   

  1. Do not communicate the termination until the employer is prepared to escort the employee off the premises. It is generally better to pay the employee severance benefits with no expectation of receiving anything in return than to pay the price of a vindictive employee trashing or misappropriating company information.
  2. Coordinate with IT personnel to remove all access to the IT systems, e-mail, remote access, or any other means to access the employer’s network. Ideally this will be done while the employee is being terminated. Or, if the terminated employee is a member of IT, eliminate access after working hours and then complete the termination process the next working day. Companies could also consider covertly transferring the IT employee into an IT “sandbox” until all normal IT access can be severed.    
  3. Obtain custody of all employer owned PCs or laptops as well as all company owned external hard drives or other portable media before the employee is terminated. 
  4. Remove any rights the employee may have as administrator of the organization’s Web site and extranets. While you are at it, remove the employee’s page or profile, if any, from the organization’s Web site.
  5. Take an inventory of all of the files or projects on which the employee was working, and make sure that all such materials have been returned. This is particularly important for employees who work remotely.
  6. Even after going though a termination checklist, an employer should monitor its network to ensure that the former employee has not regained access and to make sure that company information has not been compromised. 
  7. Employers should also remind employees that assisting former employees to access the company’s IT systems is prohibited. It is important that current employees are aware of this policy, especially at or around the time of a termination.
  8. If there is concern that the former employee has taken steps to destroy or steal data, careful consideration should be given for retaining a forensic computer examiner to take necessary steps to properly preserve evidence of wrongdoing.

The Gucci incident illustrates that it only takes one lapse in security to severely destroy or cause significant damage. It is better to be vigilant than a statistic.