Ex-employee holds online college data hostage. How can your company protect itself from insider threats?

In January 2017, the American College of Education filed a lawsuit alleging a former IT employee was holding it hostage.

The employee, Triano Williams, was the lone remaining IT employee with access to a Google account containing email data and course information for 2,000 students. The suit claims Williams wanted $200,000 and a positive letter of recommendation in exchange for the access.

Google initially refused to release the data, as Williams was the sole administrator on the account. Eventually, Google relented. The college sued Williams, and in September 2016, the case was settled with Williams ordered to pay nearly $250,000 in damages.

The case is a cautionary tale for organizations that are increasingly reliant on cloud-based services and software platforms.

The Cost of Insider Threats

A recent study by IBM showed that 55 percent of cyber attacks were conducted by insiders. While some of this damage is unintentional … an employee may fall for a phishing attack or lose a laptop … others, like in the case above, are deliberate. A review of FBI investigations of incidents by former and/or disgruntled employees found the costs to an organization can reach up to $3 million per episode.  Factoring in legal expenses, the value of stolen data, IT and investigative work to identify and solve the issue, and credit monitoring if the sensitive employee or customer information is potentially compromised.

What can companies do to protect themselves … and their data … from disgruntled employees who could wreak havoc on critical data and systems? Here are a few suggestions:

1. Manage and Distribute Access

Companies should ensure that there are built-in redundancies for access to critical systems. Multiple people in the organization should have administrator access and rights to add administrators.

2. No Shared Passwords

Each user should have his or her own username password for access. The same passwords should not be allowed on multiple networks, systems or platforms, either.

3. Review Access and Passwords

Companies should regularly review who needs access to what systems and files. Employees no longer needing access should have their accounts terminated. Similarly, when an IT staff member leaves the organization, whether, under positive or negative circumstances, administrative passwords to cloud systems and servers should be changed.

4. Restrict Remote Access

To prevent employees from uploading or gaining access to sensitive data, organizations should not allow for unauthorized remote access login programs to be downloaded on company computers and devices. Access should also be restricted to cloud-based storage websites, such as Box, Dropbox, Mega, and OneDrive.

5. Mandate Password Changes

Companies should have automated processes requiring employees to change passwords on a regular basis.

6. Notify Third Parties

When an IT staff member leaves, third-party service providers for e-mail and technical support should be notified.

7, Back It Up

There should be consistent, secure backup and recovery procedures in place for critical business information, preferably on a daily basis.

The danger of disgruntled employees wreaking havoc is not going away, but companies that can practice sound adherence to rigorous preventative policies can reduce the risk and protect vital systems and data.

{company} in {city} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at {phone} or send us an email at {email} for more details.