Meanwhile, the legion of laid-off workers continues to grow. In the past few months, Citigroup, SAP, Sun Microsystems, IBM, Sprint and Microsoft have all announced layoffs, adding to the tens of thousands of already unemployed people, many of whom are technically savvy and have access to key computer systems, highly sensitive corporate data or both.
What's surprising -- and potentially lethal to corporate security -- is how many departed workers retain such access via so-called orphaned accounts long after they've been discharged. Four out of 10 companies have no clue whether user accounts remain active after employees leave, according to a study of 850 security, IT and human resources executives by Symark International, a security software company.
In addition, 30 percent of executives reported that they have no process in place to locate and disable orphaned accounts. Another sorry statistic: 38 percent of them have no way of determining whether a current or former employee is using or has used an orphaned account to access information.
The most common threat is that an employee may take intellectual property, including strategic plans or customer data, before or soon after he is let go, says Jonathan Penn, an analyst at Forrester Research.
And things can get even more dicey when IT staffers are laid off. Often, these are employees with "the keys to the kingdom," says Jones.
He notes that Roger Duronio, a former IT worker at UBS Paine Webber who was convicted and sentenced to eight years in prison for planting a software logic bomb, was able to do such extensive damage to company data because "he had access everywhere." (A logic bomb is software code that triggers malicious functions under certain prescribed conditions; for example, one could be set to delete all customer accounts at a particular time on a specific date.)
Systems administrators and users with privileged account access -- such as those who know root passwords -- can definitely pose a greater threat, says Sally Hudson, an analyst at market research firm IDC. "Those with access to privileged passwords possess the power to change system data, user access and configuration. They also have the power to easily sabotage the critical IT operations of any organization," she says.
Despite these vulnerabilities, there are steps that companies can take to limit potential damage, especially when conducting layoffs.