An employee, fired

Credit to Author: Hugh Aver| Date: Wed, 13 Jan 2021 17:21:10 +0000

When it comes to internal cyberthreats, fired employees tend to fall into the same category as embedded insiders. More often than not, however, employers view that scenario as hypothetical and fail to pay sufficient attention to it. Who would ruin their own reputation and complicate the lives of former colleagues? Well, practice shows that such people absolutely do exist, and this recent Stradis Healthcare incident provides a glaring example.

A study in revenge

A few weeks after being fired from the medical equipment supply company, a healthcare exec used a secret account to delay the shipping process. As a result, Stradis was unable to deliver supplies on time, including personal protective equipment (PPE) for doctors. The company was forced to shut down all business processes temporarily, and interruptions persisted even months later. In the end, the company resorted to contacting law-enforcement agencies.

Given current circumstances, mainly around the COVID-19 pandemic, the problem was less about losses caused by downtime and missed delivery times, more that medical staff needed PPE like never before. In other words, the culprit not only disrupted the lives of former colleagues, but also put doctors and patients at risk.

How to foil vengeful ex-employees

The Stradis incident shows that workplace revenge, far from being a hypothetical threat, is very real. It must be factored in from the start — when planning a company’s security system.

  • Abandon the practice of “secret accounts” from the outset. Regardless of a person’s position, convenience, or business process specifics, IT security service must be aware of all employee access channels to corporate systems or services.
  • Revoke access to all accounts of outgoing colleagues immediately, and also change the passwords to any shared resources they had access to (social networks, office Wi-Fi, etc.).
  • Back up all business-critical information regularly. After all, the simplest action that a vindictive insider can take is to delete something important.
  • Install security solutions on all work computers. Having appropriate security in place makes infecting the corporate network with malware a lot harder.

For configuring backup and protecting servers and workstations from cyberthreats, look no further than Kaspersky Small Office Security.


https://blog.kaspersky.com/feed/