Welcome to Risk Management Plus+ Online

A Service of Travelers Bond & Specialty Insurance

print   email   Share

When Former Employees Access Your System: The Risk For Employers

A Tennessee man pled guilty to intentionally accessing a competing engineering firm's computer network without proper authorization. He did it for the purpose of stealing trade secrets.

Jason Needham admitted that for more than two years, he would access the servers of his former employer to download engineering schematics and more than 100 documents. Needham also accessed the emails of a former colleague at his old firm in order to see marketing plans, project proposals, fee structures, and other documents in the company's internal document sharing system.

His unauthorized access and downloading involved proprietary business information worth approximately $425,000. DOJ "Tennessee Man Pleads Guilty to Unauthorized Access of Former Employer's Networks," www.justice.gov (Apr. 14, 2017).


Commentary

Although the press release from the Department of Justice is silent on how the former employee accessed the computer system, a strong possibility is that he was given credentials when he was an employee and the credentials were never revoked.

Another possibility is he stole credentials and impersonated another user when illegally accessing the system. As for the unauthorized email access, he used a colleague’s password.

Most employers know to deny access to employees prior to their leaving employment. However, all access points must be audited after a termination to make certain the former employee does not have another route into your system, including using access points and credentials of existing employees.

Unauthorized use is often discovered by auditing log-ins not credited to the user, especially at night or during off hours. Another best practice is to ask employees to change their credentials every 90 days at a minimum or immediately after an employee with access leaves and to never share their password with anyone, including other colleagues.

Below are some links to articles with additional information on passwords.

“I've Been Hacked. How Did They Get My Password?”

"’123456’ And Other Password No-Nos: Do You Use Weak Passwords?”

Finally, your opinion is important to us. Please complete the opinion survey:

News & Information

Ransomware Inflation: The Cost Of Unlocking Networks And Computers Is Rising

The ransomware known as "Samsam" now demands tens of thousands of dollars from its victims to decrypt their data. We examine and provide some prevention tips for employers.

Read More

Is Employee Burnout Hurting Employee Retention?

A survey shows that 95 percent of employers experience costly employee turnover because of burnout. We examine.

Read More

Hackers Can Break Into Office Routers: Is Yours Safe?

Using strong passwords is the best way to keep your internet-enabled devices secure. Learn more about strong passwords.

Read More

Update On The Proposed Overtime Regulations Under The New DOL Secretary

In late 2016, a federal court enjoined the DOL's proposed overtime regulations just a few days before the long-anticipated changes were to occur. What is the status now?

Read More