Do your homework. Exit strategies and security measures should vary depending on the employee's role. Executives and managers who are charged with laying off personnel shouldn't assume that disabling computer access is simply a matter of pulling a plug.
"Before you lay off, look closely at the classes of people," advises Jones. "If they're from sales, HR or finance or [are] senior employees, it may take longer to [disable their access] because they have greater access to systems" than other employees do.
Involve IT in layoff plans as early in the process as possible. "It's important for IT to be synchronized tightly with HR," says Ken van Wyk, an information security specialist and consultant in Alexandria, Va. "But IT people need to understand how sensitive their roles are, and there has to be zero tolerance for spreading rumors. If an IT person tells people that they're going to be laid off, that IT person also needs to be included in the exit roster."
Make sure the proper security programs and policies are in place well before the layoff, advises IDC's Hudson. Among other things, you should make sure you're using systems to secure content, prevent data loss and manage threats. Such systems include firewalls, content- and spam-filtering tools and antivirus software.
You should also have a secure identity and access management infrastructure. Also known as an IAM, this type of setup "controls the who, what, where, when and why of user activities throughout the enterprise," Hudson explains. Having the ability to monitor and evaluate how access rights are being used is critical to meeting governmental mandates and identifying system misuse.
Compartmentalize system access according to employees' roles. This is a secure system design principle that companies should implement at the beginning of any software-development effort. "Access control means tightening up a lot more on the business logic layer," explains van Wyk.
But all too often, companies forgo this step "because it requires more time and thinking through of the design of software," he says. In the absence of an initial secure design, the next best measure is to implement software that records users' access to systems and the actions they take while using various business applications, van Wyk says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.