Radio Shack's recent firing of 400 people by e-mail reminded me of this (relatively famous) Dilbert cartoon.

I'm not going to discuss the firing from a PR perspective at all. You can find numerous other blogs and news outlets talking about this. I am going to look at this solely from a security standpoint.

In most cases, when you fire people, you try to limit their access to any aspect of the company. You are getting rid of them, so you really do not want them hanging around the office accessing their computers. Who knows what they might do? If you are firing a group of employees over e-mail, it still means that they still are logged into the computer (which is probably authenticated to some domain), and they still have access to their e-mail (because they have to read it to know they are fired). I'd love to give Radio Shack the benefit of the doubt and presume that they restricted access to everything for all the employees that they let go, but they are a big company and it's difficult to disable access and delete accounts for 400 employees in real time.

So, Radio Shack is left with 400 former employees, some of whom are probably very disgruntled. It gives them the opportunity to send mass e-mails out to present employees, steal confidential data and damage company property. All it takes is for one of the ex-employees to do something stupid and unprofessional for it to be detrimental to the company. A backdoor here, malicious code there, or confidential data sent to an e-mail account abroad or placed on a CD, who knows what 400 angry employees could do?

To save time and bypass the wrath of the employees, management opened a can worms and left the company vulnerable to attack from the group of people who are already most likely to do harm to the company. It's a classic case of shortsightedness, where management took the easy road and (possibly) ignored the security ramifications of their decision all together.