Real World Risk Management Practical HR Resources
welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD

Why Your Access Control Policy May Be Your Most Important Cyber Policy

A joint investigation by the U.S. Attorney's Office in the state of New York and the FBI resulted in the arrest of an employee at a New York-based technology firm.

According to investigators, the employee abused his position as a senior developer to gain unauthorized access to his employer's computer systems; download several gigabytes of confidential files; and modify other files to conceal the theft. He then posed as a hacker and demanded nearly two million dollars in Bitcoin as ransom. When his employer refused to pay the ransom, the perpetrator released some of the files on a public platform.

The perpetrator, who worked in Oregon, used a virtual private network service to hide his IP address. However, while infiltrating his employer's systems, a brief power outage at his home exposed his IP address, and led investigators to his residence. Within days of the FBI seizing multiple electronic devices, the accused posted reports to the internet, posing as an inside whistleblower, stating the firm's system breach was due to a vulnerability. This misinformation about the situation resulted in a 20 percent drop in the value of the firm's stock.

The accused faces four federal charges and up to 37 years in prison. "Former Employee Of Technology Company Charged With Stealing Confidential Data And Extorting Company For Ransom While Posing As Anonymous Attacker" www.justice.gov (Dec. 01, 2021).

Commentary

Insider cybercrimes are the most dangerous because the perpetrators know the systems and how the employer addresses cyber risks.

To avoid this situation, employers should carefully audit employee and contractor access control.

A simple rule of any access control policy is the fewer people that have access to your sensitive data, the safer your data is, so long as not one person or small group has total control.

As for who has access to what, the policy should only permit access based on what is necessary to perform a job or function. Moreover, if access is only temporary, then controls should be in place to eliminate access once the project is complete.

When an employee leaves your organization, be sure to immediately disable the employee’s systems access regardless of whether the departure was on good or poor terms.

In addition, continually monitor your employees’ patterns of system access, looking for the unusual activity, like an increase in time spent in confidential systems or accessing the system at atypical times of the day.

Finally, your opinion is important to us. Please complete the opinion survey:

War In Ukraine And The Rise Of Destructive Malware

Organizations must implement best practices to protect their network from malicious code designed to destroy data. We look at prevention strategy sources.

read more

White Hat Hacker And Other Security Tips To Protect Your And Your Employees' Data

Although no system is impenetrable, you can mitigate your losses with help from a former cybercriminal. Learn why.

read more

Risk Assessments Necessary To Address Cyber Vulnerabilities

IT security experts discuss motivations and methods behind cybercrime. Understanding the risk specific to your organization is an important element in building your defenses.

read more

Does The "Metaverse" Present More Or Less Data And Other Risks

Organizations are scrambling to join the metaverse, and cybersecurity analysts suggest that in doing so, they may be opening up for more cyberattacks. Learn about the risk.

read more