Arlington, Va.— Layoffs are bad. IT sabotage could be worse.
The nightmare prospect of an employee turned saboteur arose during The Chronicle’s Technology Forum today. A University of Massachusetts administrator asked a question that isn’t academic in this recession: Should the HR departments of downsizing universities be aware of IT threats?
“Yes,” said Dawn Cappelli, a Carnegie Mellon University information-security expert who has worked with the U.S. Secret Service to build behavioral profiles of “insider threats.”
Ms. Cappelli, a senior member of CMU’s computer-emergency-response team, said layoffs were a “huge precipitating event.”
“If you know you’re going to have layoffs, bring IT into it and talk about that,” Ms. Cappelli said. “What kind of people are you laying off? Are they people with access to PII [personally identifiable information]? To intellectual property? That might commit sabotage?”
Ms. Cappelli offered plenty of case studies during her talk, titled “The Enemy Within: How to Predict and Prevent Computer Attacks From People Inside Your Institution.”
Consider the disaster wrought by one junior system administrator at an unnamed university’s cancer-institute research facility. With the help of another employee, the disgruntled former worker came back a few days after quitting, Ms. Cappelli said, and deleted 18 months of cancer research.
He also made sure there were no backups.
Ellen M. O’Connor, the administrator who asked Ms. Cappelli about layoffs, noted for the record that she works for UMass Boston — which is not the UMass campus that made headlines recently with its own “insider threat” story.
That happened at UMass-Dartmouth, where a former computer-system administrator allegedly hacked into student e-mail and Facebook accounts and downloaded nude and partially nude photographs of 16 female students.
“These are the sorts of things that have reputational risk,” Ms. O’Connor said of insider-threat incidents in general. “And so you never want to have those things happen.” —Marc Parry
Developing online and blended learning programs requires research and collaboration. Learn how top technology companies are partnering with campuses across the country to advance online learning as it becomes an increasingly important aspect of higher education.