AmTrust Workplace
print   email   Share

When Former Employees Access Your System: The Risk For Employers

A Tennessee man pled guilty to intentionally accessing a competing engineering firm's computer network without proper authorization. He did it for the purpose of stealing trade secrets.

Jason Needham admitted that for more than two years, he would access the servers of his former employer to download engineering schematics and more than 100 documents. Needham also accessed the emails of a former colleague at his old firm in order to see marketing plans, project proposals, fee structures, and other documents in the company's internal document sharing system.

His unauthorized access and downloading involved proprietary business information worth approximately $425,000. DOJ "Tennessee Man Pleads Guilty to Unauthorized Access of Former Employer's Networks," www.justice.gov (Apr. 14, 2017).


Commentary

Although the press release from the Department of Justice is silent on how the former employee accessed the computer system, a strong possibility is that he was given credentials when he was an employee and the credentials were never revoked.

Another possibility is he stole credentials and impersonated another user when illegally accessing the system. As for the unauthorized email access, he used a colleague’s password.

Most employers know to deny access to employees prior to their leaving employment. However, all access points must be audited after a termination to make certain the former employee does not have another route into your system, including using access points and credentials of existing employees.

Unauthorized use is often discovered by auditing log-ins not credited to the user, especially at night or during off hours. Another best practice is to ask employees to change their credentials every 90 days at a minimum or immediately after an employee with access leaves and to never share their password with anyone, including other colleagues.

Below are some links to articles with additional information on passwords.

“I've Been Hacked. How Did They Get My Password?”

"’123456’ And Other Password No-Nos: Do You Use Weak Passwords?”

Finally, your opinion is important to us. Please complete the opinion survey:

Are you a new user?

Register Here

 

Retrieve Password

Recent News

Post-Hire Background Checks: The Numbers And The Risk

A new survey shows that very few employers perform post-hire background checks. We examine the numbers, but also the risk post-hire background checks present for employers. Read More

Financial Wellness Programs Are Growing In Popularity: What Are The Risks For Employers?

New study shows financial wellness programs are becoming more prevalent and important to employees. We examine the statistics and the EEO risks for employers. Read More

When Former Employees Access Your System: The Risk For Employers

A former employee, now a rival, pleads guilty to unauthorized access of his former employer's computer system. We provide the facts and some insight on what employers should consider. Read More

Recent Articles

Catching A Liability Fever From Your Wellness Plan? One Employer's Hard Lesson

An employer terminated an employee for failing to use its wellness program. Jack McCalmon examines the facts, the settlement, and future litigation implications for employers. Read More

Telecommuting: Is It A Good Idea? You Make The Call

Everyone agrees there are pros and cons to telecommuting. We want to hear from you and ask you to make the call. Join the conversation at #WorkFromHome. Read More

Largest Ever Global Ransomware Attack: What You Need To Know Right Now About Ransomware

The "WannaCry" cyberattack affected hundreds of thousands of computers. Learn how to avoid becoming a victim of ransomware. Read More