A good reminder that former employees pose a big risk; David Palmer, a former IT administrator at McLane Advanced Technologies in Texas, has pleaded guilty to charges of computer intrusion. After his firing, Palmer accessed his former employer's computer system via a backdoor he set up prior to leaving the company. Palmer then erased payroll files belonging to one of his former employer’s customers.
McLane’s experience is not isolated. I have worked with clients reacting to hacks by former employees, using data forensics to identify and obtain a temporary restraining order to prevent the misuse of sensitive company information stolen during the hack. Preventative measures can mitigate these risks. It is important to have a robust termination checklist that includes disabling access of system IDs, exit interviews and for IT employees, scans and review of audit logs to make sure there has been no illegal activity. Ongoing scans also may detect system configuration changes or time-bomb malware installed by an employee as “insurance.”
Visit Techworld's recent coverage for more information: Ex-employee hacks US military contractor's computer systems.