> His contract with NCS was terminated in October 2022 due to poor work performance and his official last date of employment was Nov 16, 2022
This is why you don't force employees or contractors to work through their final two weeks. Too little benefit, too much risk.
> After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorised access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.
my anecdotal guess: there was a single admin account rather than a group, and they didnt want to risk changing the password because of an unknown number of scripts/services using it.
I don't think anyone sets out to have this policy. What seems to happen, especially with organizations that existed pre-computing, is these things evolved gradually along with computing and best practices. You picked the person with the most computing prowess, sat them down and said "make this work". And they got it working. And then it was too important to stop working.
It takes an IT team with skill and a management team that trusts them and their decision making to turn that kind of thing around. It's a similar story of a company that fails to have a working backup or disaster recovery: "everything has been fine and we can't justify the expense", when in reality it's a time bomb.
HR forgot they have to create a ticket for when they ask a contractor to leave early. IT has the account expire on the date the contract expires, but somebody needs to tell them that someone left.
This is why you don't force employees or contractors to work through their final two weeks. Too little benefit, too much risk.
> After Kandula's contract was terminated and he arrived back in India, he used his laptop to gain unauthorised access to the system using the administrator login credentials. He did so on six occasions between Jan 6 and Jan 17, 2023.
Oh nevermind, it's far worse than just that!