ACE and Chubb are now one.
 
 
ACE has aquired Chubb, creating a global insurance leader
that will operate under the renowned Chubb name.
Learn More Not Now
print   email   Share

When Former Employees Access Your System: The Risk For Employers

A Tennessee man pled guilty to intentionally accessing a competing engineering firm's computer network without proper authorization. He did it for the purpose of stealing trade secrets.

Jason Needham admitted that for more than two years, he would access the servers of his former employer to download engineering schematics and more than 100 documents. Needham also accessed the emails of a former colleague at his old firm in order to see marketing plans, project proposals, fee structures, and other documents in the company's internal document sharing system.

His unauthorized access and downloading involved proprietary business information worth approximately $425,000. DOJ "Tennessee Man Pleads Guilty to Unauthorized Access of Former Employer's Networks," www.justice.gov (Apr. 14, 2017).


Commentary

Although the press release from the Department of Justice is silent on how the former employee accessed the computer system, a strong possibility is that he was given credentials when he was an employee and the credentials were never revoked.

Another possibility is he stole credentials and impersonated another user when illegally accessing the system. As for the unauthorized email access, he used a colleague’s password.

Most employers know to deny access to employees prior to their leaving employment. However, all access points must be audited after a termination to make certain the former employee does not have another route into your system, including using access points and credentials of existing employees.

Unauthorized use is often discovered by auditing log-ins not credited to the user, especially at night or during off hours. Another best practice is to ask employees to change their credentials every 90 days at a minimum or immediately after an employee with access leaves and to never share their password with anyone, including other colleagues.

Below are some links to articles with additional information on passwords.

“I've Been Hacked. How Did They Get My Password?”

"’123456’ And Other Password No-Nos: Do You Use Weak Passwords?”

Finally, your opinion is important to us. Please complete the opinion survey:

Login

Log-in to access Training Modules, Article Archives, Model Policies and more!

Latest Numbers

Unemployment Rate

4.3% in Jul 2017

Payroll Employment

+209,000(p) in Jul 2017

Average Hourly Earnings

+$0.09(p) in Jul 2017

Employment Cost Index (ECI)

+0.5% in 2nd Qtr of 2017

Productivity

+0.9% in 2nd Qtr of 2017

Source: Department of Labor

Chubb Offers for Employment Practices Liability (EPL) Insured:

Loss Prevention Reimbursement Credit

HR Acuity On-Demand

Best Practice Minute

Available presentations

What's New

New Malware Families Identified: Why A Multi-Level Defense Is Important

DHS officials warn organizations about a malware family that is targeting multiple industries. Read about this risk and some best practices for malware defense. Read More

In a Competitive Recruiting Environment, Many Employers Offer More Benefits

A survey shows most organizations now offer health care for spouses, flexible work time, and other employee benefits. We examine the risk. Read More

Traveling? Why You Should Avoid Public Wi-Fi

A new survey finds we use our mobile devices despite of, and disregarding, the security risks. Here, we examine the risk public Wi-Fi presents travelers. Read More