Article by Pierre Zarokian.
While hacking by outsiders is posing a larger and more significant threat to companies of all sizes, the threat of insider jobs – particularly by disgruntled former employees is often a bigger one.
These attacks, carried out with malicious intent to hamstring a company’s operations, can cause serious problems. Take, for example, the following recent events:
• A former employee of Spellman High Voltage Electronics Corp. is facing charges after strange things started happening to the company’s systems after he resigned, due to allegedly being passed over for a promotion. Shortly after he left, employees at Spellman began reporting that they were unable to process routine transactions and were receiving error messages. The may-hem cost his former employer more than $90,000.
• A former employee of McLane Advanced Technologies was sentenced to 27 months in prison and ordered to pay $35,816 in restitution after pleading guilty to hacking into McLane’s systems and deleting payroll files to the point that staff could not clock in and the company could not issue payroll checks. He was upset after the company had fired him and then refused to help him obtain unemployment benefits.
• A network engineer, who was fired by the American branch of Gucci, stands accused of breaking into the computer systems of the retailer, shutting down servers and deleting data. He has been charged with computer tampering, identity theft, falsifying business records, computer trespass, criminal possession of computer-related material, unlawful duplication of computer-related material, and unauthorized use of a computer. The intrusion is said to have cost the company some $200,000.
With these cases in mind, there are internal steps you can take to avoid this sort of thing happening at your company.
• Route all offsite access through a VPN – This can typically prevent someone from entering your system altogether. But once you have such a system in place, all outside connections need to be logged and monitored for suspicious activity.
• Test your disaster recovery plan – You need to have a disaster recovery plan in place that includes backing up data everyday. That way, if data is deleted you can immediately switch to a backup IT environment. A lot of times, organizations do disaster recovery, but unless they practice the actual recovery, they don’t know if it will work.
• Block unapproved software – Sometimes your employee hackers will install extra software that makes it easier for them to root through your system and create havoc. You should have systems in place that do not allow anybody to install unapproved software.
• Disable ex-employee accounts and passwords – Whenever an employee or contractor ceases to work at your business – or in the case of layoffs, beforehand – you must disable their network access, accounts and passwords. You should regularly review which users have access to your systems.
• Think like a malicious Insider – IT managers must think like an inside attacker, and identify the weak points of their infrastructure that they themselves would exploit were they so inclined. As a senior manager, you should ask your IT managers just what they are doing to thwart any possible insider attacks.
• Make suspect behavior cause for concern – Watch for human-behavior warning signs such as complaining to others about the company and more than usual time accessing your company data on your network. Develop a response plan for when such signs get spotted.
• Beware resignations, terminations – Most insider attacks occur within a narrow window. Most people who steal intellectual property or destroy systems CO so within 30 days of resignation. Accordingly, keep a close eye on departing or departed employees, arid what they viewed. If someone resigns who has had access to your most sensitive company information, including trade secrets, you need to pay special attention to ensure it’s not compromised.
• Secure a cyber crime policy – Most default insurance policies won’t cover the costs associated with the loss of any data or business disruptions due to network problems caused by a malicious former staffer. Ask your insurance company if yours has this included or how much more it would cost to add it.