The Enemy Within: Disgruntled IT Employee Trashes Payroll Records And Could Get 10 Years
Just when you thought your to-do list already was too long comes the news that a disgruntled IT worker who had bungled his resignation process was convicted of later hacking into and wiping out the company's payroll and personnel files. So we must ask: How prepared is your team for locking out employees in transition?
It's a bizarre story, but one that offers a two-by-four-across-the-face lesson for IT execs who think they've already got more than enough to worry about. Because just as we've all had to deal with software that does unexpected and unpleasant things, we also see lots of equally baffling developments that underscore the need to be on full alert for unpredictable and sometimes-destructive behavior from humans as well as from code.
According to our sister site Dark Reading, an IT guy looking to resign failed to complete some required paperwork and therefore was not eligible for his final paycheck. And so he took it out on his employer.
"[Joseph Patrick] Nolan, a 26-year-old IT worker, resigned from Pentastar on Jan. 15 of this year, according to court documents. He was told that he would not have to work during the two weeks' notice he had given the company -- as long as he signed a separation agreement by Jan. 26, which he failed to do. On Jan. 30, Nolan called Pentastar's human resources department, inquiring about his final paycheck. Nolan was told that he would not receive the check, because he hadn't signed the separation agreement. On Feb. 1, the disgruntled Nolan gained unauthorized access to Pentastar's computer systems and effectively obliterated a drive that contained all of the company's payroll and personnel records, according to court documents."
Pentastar had to spend about $30,000 to repair the damage caused by Nolan, according to the news story written by Dark Reading's Tim Wilson. While that's not a staggering amount, Nolan's actions nevertheless put the company at huge risk of having those highly sensitive files made public or sold to spammers and phishers and other gutter-lickers. And the company no doubt has had to spend -- and will probably continue to have to spend -- inordinate amounts of time and money to deal with very legitimate employee concerns about whether their highly sensitive personal information is at risk of future exposure.
Clearly, the blame for this act falls 100% on the shoulders of Nolan: as the court documents show, he simply failed to sign a document that would have given him two weeks' pay. But where does the responsibility lie for securing the company's systems so that an ex-employee with an ax to grind couldn't gain access to confidential company information? Is it the CIO, for not enforcing appropriate security measures across the company? The HR department, for not escalating the potential problem at the time the disagreement arose? And since that ship's already sailed, perhaps the more-important question is this: How locked-down are your systems from the enemy within? Join the Dark Reading discussion.