TJX employee fired for exposing shoddy security practices

I was reading this story about a TJX employee being fired “after he left posts in an online forum that made disturbing claims about security practices at the store where he worked.”

Current and former employees with an axe to grind pose a much greater threat than many of the other issues we often spend our time chasing after. In this instance, an employee has taken it upon himself to sully his employer's name in a public forum. Regardless of whether the information he posted is correct or not, he deserves to be fired.

As to the information itself, I’m not sure it’s important. I wouldn’t be surprised if individuals within most large organisations could dig up a few things they’d consider to be evidence of poor security. Without the full picture of other controls, it’s not possible to make a judgement on risk.

Given that on the forum itself the employee in question states that “I am at the same hierarchical level as a cashier”, it’s highly unlikely that he knows much about the security processes in place. Did he deserve to be fired? Absolutely yes!


So if Dr Harold Shipman's receptionist had called the cops and given evidence against him, would she have deserved the sack for sullying her employer's name in a public court? I expect you would say: "Given that she is on the same hierarchical level as a cashier, it's highly unlikely that she knows much about the medical processes in place. Did she deserve to be fired? Absolutely yes!" Unless your granny was a victim, of course.
No mate. You see, Harold Shipman was a murderer. I'm having trouble making the connection.
Facts reported by security analysts, and decisions made by information risk managers, must always be taken within the information system and business context. Taken in isolation they can indicate misleading circumstances which outsiders use to jump to conclusions. The key here is to make sure the security management process fully articulates the surrounding context, circumstances and how decisions were made. While this might not be glamorous it does allow for all factors to be taken into consideration and a balanced approach to be reached. Of course, the much more interesting question then is: how do we make sure that all stakeholders have confidence in the quality of risk management across an enterprise?