GRC & Fraud Software Journal
A case resolved this week highlights the danger former workers can pose to IT systems and proprietary data stored on company networks.
A U.S. District Judge in North Carolina on Tuesday sentenced Nikhil Nilesh Shah to 30 months and ordered him to pay $324,462 in restitution for sabotaging servers belonging to SmartOnline, where Shah had once worked as IT manager.
“This insider case renews the call for effective employee termination procedures, especially for system and network administrators,” Jake Williams, founder of Rendition Infosec, told GRC & Fraud Software Journal this week.
According to the U.S. Justice Department, Shah pled guilty to one count of causing the transmission of malicious computer code, which SmartOnline says caused the loss of priceless data.
The DOJ says Shah left Smart Online in March 2012 to work for another technology company; on June 28, 2012, he sent malicious computer code to Smart Online’s computer servers in Durham and Raleigh, deleting much of Smart Online’s intellectual property.
Could the company have prepared for such an event? Far too few companies have policies to protect data from former employees who have administrative rights to computer systems where they once worked, security experts said.
“Shah emailed himself details of the company’s servers, ASA VPN and PIX firewall configurations,” Williams said. “Additionally, the emailing of sensitive data to a Gmail address should have been noted by data loss prevention software, which is part of the Data Protection Critical Security Control.”
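The detection Williams describes, an outbound-mail check that flags configuration exports going to personal webmail, is easy to prototype offline. The following is an added example, not code from the article or from any DLP vendor; it assumes an invented tab-separated mail log format (timestamp, sender, recipient, comma-separated attachment names), a constructed internal domain, and attachment-name patterns chosen here to approximate firewall, VPN and server-inventory exports.

```python
"""Offline DLP-style scan of constructed outbound-mail log lines.

Added example. The log format, internal domain and attachment patterns
are assumptions made for this demonstration, not a real product's rules.
"""
import re
from dataclasses import dataclass

# Personal webmail domains treated as external destinations (assumption).
EXTERNAL_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com"}
# The company's own mail domain (constructed placeholder).
INTERNAL_DOMAIN = "example-corp.test"
# Attachment names that suggest network or security configuration exports (assumption).
SENSITIVE_PATTERNS = [
    re.compile(r"(asa|pix|fw|firewall).*\.(cfg|conf|txt)$", re.I),
    re.compile(r"vpn.*\.(cfg|conf|txt)$", re.I),
    re.compile(r"running-config", re.I),
    re.compile(r"server.*(inventory|list)", re.I),
]


@dataclass
class Alert:
    timestamp: str
    sender: str
    recipient: str
    attachment: str
    reason: str


def parse_line(line):
    """Split one log line into (timestamp, sender, recipient, [attachments])."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return None  # malformed line: skip rather than crash the scan
    ts, sender, rcpt, atts = parts
    return ts, sender, rcpt, [a for a in atts.split(",") if a]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def scan(lines):
    """Return an Alert for every sensitive-looking attachment sent from an
    internal account to a personal webmail address."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, sender, rcpt, atts = rec
        if domain_of(sender) != INTERNAL_DOMAIN:
            continue  # only outbound mail from company accounts is in scope
        if domain_of(rcpt) not in EXTERNAL_WEBMAIL:
            continue
        for att in atts:
            for pat in SENSITIVE_PATTERNS:
                if pat.search(att):
                    alerts.append(Alert(ts, sender, rcpt, att, f"matched /{pat.pattern}/"))
                    break  # one alert per attachment is enough
    return alerts


# Constructed sample log: the first and last lines are the ones that should alert.
SAMPLE_LOG = [
    "2024-05-30T17:02:11\titmgr@example-corp.test\titmgr.home@gmail.com\tasa-config.txt",
    "2024-05-30T17:05:40\titmgr@example-corp.test\titmgr.home@gmail.com\tlunch-menu.pdf",
    "2024-05-30T17:09:03\titmgr@example-corp.test\tnetops@example-corp.test\tpix_fw.cfg",
    "2024-05-30T17:12:55\tvendor@partner.example\titmgr@example-corp.test\tvpn_site.cfg",
    "2024-05-30T17:20:19\titmgr@example-corp.test\titmgr.home@gmail.com\tvpn_profiles.conf,server_inventory.xlsx",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.timestamp} {a.sender} -> {a.recipient}: {a.attachment} ({a.reason})")
```

The internal-to-internal line and the inbound vendor line produce nothing, which is the point of the sender and recipient filters: the control is about data leaving company custody, not about configuration files moving between administrators.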
One idea is to hold the employee’s final check until all admin rights have been canceled and passwords changed. “We are pretty good at controlling paychecks,” said William Hugh Murray, SANS Institute’s trainer in Information Assurance.
He adds: “How about a control that says that the last check cannot issue until all privileges have been cancelled?”
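Murray's "last check cannot issue until all privileges have been cancelled" control is, in practice, a gate that reads from an access inventory. The block below is an added example illustrating that gate, not code from the article or from any HR or IAM product; the access-grant and shared-credential records, the account names and the dates are all constructed for the demonstration. It treats an offboarding as incomplete while the departed administrator still holds an active privileged grant or knows a shared secret that has not been rotated since the departure date.

```python
"""Offboarding gate for a departing administrator (added example).

The inventory format and sample data are assumptions made here; a real
deployment would pull grants from its directory, VPN, firewall and
password-vault systems instead of from in-memory records.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class AccessGrant:
    system: str       # e.g. "vpn-concentrator", "edge-firewall"
    account: str      # login name on that system
    privilege: str    # e.g. "admin", "enable"
    active: bool


@dataclass
class SharedCredential:
    name: str
    known_to: set     # accounts that have been given this secret
    last_rotated: date


def outstanding_items(user, departure, grants, shared):
    """List everything that still blocks release of the final paycheck."""
    issues = []
    for g in grants:
        if g.account == user and g.active:
            issues.append(f"active {g.privilege} on {g.system} for {g.account}")
    for c in shared:
        # A shared secret the leaver knows is only safe once rotated after they left.
        if user in c.known_to and c.last_rotated < departure:
            issues.append(f"shared credential {c.name} not rotated since departure")
    return issues


def final_check_may_issue(user, departure, grants, shared):
    return not outstanding_items(user, departure, grants, shared)


def revoke_all(user, today, grants, shared):
    """Disable the leaver's grants and rotate every secret they knew.
    Returns the number of actions taken."""
    actions = 0
    for g in grants:
        if g.account == user and g.active:
            g.active = False
            actions += 1
    for c in shared:
        if user in c.known_to:
            c.known_to.discard(user)
            c.last_rotated = today  # stands in for an actual rotation in the vault
            actions += 1
    return actions


# Constructed sample inventory for a departing admin account "jdoe.admin".
DEPARTURE = date(2024, 5, 31)
GRANTS = [
    AccessGrant("vpn-concentrator", "jdoe.admin", "admin", True),
    AccessGrant("edge-firewall", "jdoe.admin", "enable", False),   # already disabled
    AccessGrant("domain", "jdoe.admin", "Domain Admins", True),
    AccessGrant("domain", "asmith.admin", "Domain Admins", True),   # someone else
]
SHARED = [
    SharedCredential("firewall-enable-secret", {"jdoe.admin", "asmith.admin"}, date(2024, 3, 1)),
    SharedCredential("backup-service-password", {"asmith.admin"}, date(2024, 3, 1)),
]

if __name__ == "__main__":
    for item in outstanding_items("jdoe.admin", DEPARTURE, GRANTS, SHARED):
        print("BLOCKED:", item)
    n = revoke_all("jdoe.admin", date(2024, 6, 3), GRANTS, SHARED)
    print(f"{n} revocations applied; release allowed:",
          final_check_may_issue("jdoe.admin", DEPARTURE, GRANTS, SHARED))
```

Two things the sample is built to show: a grant that was already disabled does not count against the leaver, and a shared secret they never received (the backup password) is not rotated needlessly, while one they did receive blocks release until its rotation date is after the departure date.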
Security and risk experts also remind companies to reduce risk on the front end via thorough background checks and other due diligence to ensure IT hires are trustworthy.
Having exiting IT staff sign a policy statement banning access to networks after employment will reinforce the idea that the company will be watching for such breaches.