When you think about securing your computer systems, whether it’s on the desktop or the network, you always visualize your primary enemy as the evil hacker looking for vulnerabilities to exploit and steal your valuable data.
While that enemy remains formidable, it’s important to understand – and prepare for – another dangerous adversary: that ex-staffer with access to system accounts (and default settings) that remain active after he/she has left your company.
Whenever the risks from the insider threat are discussed, it’s usually about the disgruntled/malicious employee within the firewall abusing permissions to steal data or plant malware in sensitive parts of the network. But that orphaned account — the ex-employee who still enjoys e-mail access and who knows the default passwords to the sensitive parts of your network — is a bigger risk and, frighteningly, is often forgotten.
As the economic troubles take root and businesses implement reductions in workforce, the risk is heightened and the news headlines confirm the worst.
The story of Viktor Savtyrev, who worked as a systems administrator at a New York-based mutual fund company, is an eye-opener. In April 2009, Savtyrev pleaded guilty in a federal court to charges that he tried to extort an undisclosed amount of money and even forcibly secure good job references from the company that had just laid him off.
According to court documents, a day after he and 13 other employees were laid off, Savtyrev sent the firm’s general counsel an email that threatened to unleash devastating attacks on the network unless his demands were met for additional severance pay and health insurance.
“My comrades for a small fee are able to help me out with bridging firewall security and carry out data destruction and virus outbreak,” Savtyrev wrote in the email dated November. “And lucky me to find out that [the company’s firewall] is the cheapest firewall to crack.” He went on to threaten a barrage of nasty press if the managers did not comply.
The mutual fund company facing Savtyrev’s threat was lucky. It was able to contact law enforcement authorities early to avoid any damage, but without a formal policy in place to deal with this threat, the Savtyrev story could have had a terrible ending.
I’d wager a bet that more than 75 percent of small businesses have no idea how many orphaned accounts exist within their organization. Quickly, do you have a procedure, or the resources, in place to automatically nuke every user credential for exiting employees? Didn’t think so. Do you have a coherent strategy for locating orphaned accounts and mitigating that risk? Probably not. And it is scary. When that laid-off employee walks out the door, sensitive information may already be gone. When layoffs happen, there is usually rumor and buzz within affected departments. Employees who believe they are at risk of being cut can start moving critical company data to USB drives or emailing the data to personal web addresses.
In this economic environment, some employees receiving pink slips are experienced personnel whose responsibilities gave them widespread access to things like customer lists, financial information, trade secrets, roadmap plans and the overall strategic direction of the company.
Do you, as the small business owner, even know where all your IT assets are and who has access to them? In these tough economic times you have to be prudent about expending resources, but in your IT security budget you need to spare some room to create formal policies to deal with ex-employee accounts that are never disabled. It’s crucial that companies get serious about keeping detailed inventory of essential data, knowing where it’s stored and who has access to it, and staying alert for unusual data traffic.
A May 2008 survey of more than 800 IT professionals found that 42 percent of those surveyed didn’t know how many orphaned accounts existed within their business. The survey, commissioned by Symark, also found that 30 percent had no procedure to locate the orphaned accounts, and more than 48 percent had no way to determine whether an orphaned account had been used to access information.
Follow this practical advice to avoid the risks associated with orphaned accounts within your organization, and take the first steps in securing your network from ex-employees.