Insider threats to hacking your network

leon-seibert-2m71l9fA6mg-unsplash
What if your company has trained your employees in cybersecurity?

What if your company has trained your employees in cybersecurity? Is the network safe now? Your employees may be trained, and you are updating them as fresh forms of hacking are discovered. What if the latest attack was a deliberate attack from someone working in an office or a cubicle—an employee you trained? An employee you let go?

Add in a new spin? Employees are working remotely, and that trend will continue. It exacerbates the problem when an employee feels disgruntled. That’s because hackers troll for disgruntled employees. Trolling is not a new game for hackers, and companies worry about any of their employees having hidden hacking skills. 

It takes one. 

Known as insider threats, employees, former employees, contractors, business partners, or vendors with legitimate access to a company’s network. Later they are intent on stealing sensitive company data for profit, and most times, revenge, and will leak sensitive information.

Christopher Dobbins, 41, of Duluth, Georgia, a former vice president of Stradis, a medical device packaging company. After that in April 2020, disrupted the delivery of scarce PPE masks in the middle of a global pandemic.

While employed, Dobbins had administrator access to the computer systems containing the company’s shipping information. He was canned in March 2020. Three days later, Dobbins logged in through a fake user account that he had created while still employed at the company. He made another fake account and used that one to change a reported 115, 581 records and erase 2,371 more. He then deleted the fake accounts.

The hack disrupted the delivery schedule of vital medical equipment during COVID-19. 

Dobbins plead guilty to charges of sabotaging electronic shipping records, causing more than $200,000 in damage and delaying the shipment of PPE during the COVID-19 pandemic. A judge sentenced him to one year and one day in prison and ordered to pay restitution in the amount of $221,200.

Employees already handed termination notices may feel betrayed and may use their access privileges to damage the company’s reputation or to extort money. However, to prevent a future hack, forgo the traditional two-week notice; escort the employee off the premises, and begin, 

  • Disabling and changing all passwords from any applications or website that housed customer data.
  • Disable terminated employees email access.
  • Remove and disable building access, including any key card access to doors. 
  • Wipe company information from any employee-owned devices.
  • Account for all company owned equipment.  
  • Account for software licenses designated for use by the terminated employee. 

Our Cyology experts understand cybersecurity is encompassing. We are the experts in preventing hackers inside your networks. Call us…

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.