"After being fired from NMS, Powell accessed the NMS computer systems and deleted and destroyed data."

I don't get it: how is an insurance policy that is supposed to encompass acts of destruction by employees be also applicable to acts of destruction committed by an EX-employee, if the statement above describes the situation accurately? Either the narrative is tortured and needs to be rewritten, or the Federal Court's logic is tortured and needs to be revisited.

If there is one conclusion to be drawn from this story, it is that companies must be extremely cautious and parsimonious about giving anyone remote access privileges - There is no real reason to assign them to any admin who lives within reasonable commuting time to the workplace. If it were feasible, I would have shut down remote access for several days while the new admin pores over all user account privileges, orders all users to change their passwords immediately, and runs a battery of vulnerability tests on the network. Needless to say, if Mr. Powell had been fired on the spot, he should be made to leave on the spot - after the safeguards are first put in place. Finally, Mr. Powell should have been given something to lose: he should have been allowed to keep his unemployment insurance benefits, and someone should have spelled out to him that he would stand to lose them were he to do what he did.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/163/20208#20208