HealthcareInfoSecurity reports that a former executive of a health care product packaging company has been sentenced to one year of prison and ordered to pay $221,000 in restitution after pleading guilty to a charge of reckless damage to a protected computer. After being terminated from his job, the former executive deleted and modified the firm’s electronic shipping records with a previously created fake account, causing delays in deliveries during the COVID-19 pandemic.
The publication turned to privacy, cybersecurity and data strategy attorney Jason G. Weiss for his thoughts on the matter. Weiss emphasized the need for companies to audit user accounts, especially those with privileged access.
“They need to audit all user accounts from time to time to make sure that every account is properly accounted for and each account relates to a current and active employee,” he said. “All accounts that cannot be accounted for must be immediately disabled and taken offline.”
Weiss added that too many companies focus their IT defensive resources on preventing outsiders from breaching their network, but looking internally is just as important.
“Organizations must take critical steps to help prevent a former employee from accessing company computers using fake user accounts created before the individual’s job termination,” Weiss said. “An overwhelming number of cyberattacks either happen directly from an insider or with the help of an insider at a company.”
Additionally, Weiss said that organizations must also be aware of other types of insider threats – like employees introducing malware or other types of backdoors into a company network for later use.
Weiss advised that organizations “have a system in place that prevents most employees from accessing parts of the network they don’t need, greatly limit administrative access to a select few, conduct random audits and, the most important rule of all, ‘trust but verify.’”
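The account audit Weiss describes (every account tied to a current, active employee; anything unaccounted for disabled) and the emphasis on privileged access come down to a reconciliation between the identity directory and the HR roster. The script below is an added example, not code from the article or from any organization it mentions. It assumes two exports that a defender would normally pull from a directory and an HR system; the roster, the account list and the field names are constructed sample data. It flags enabled accounts with no owner, with an owner HR does not know, or with an owner HR lists as terminated, and also flags accounts that were created by a now-inactive user, which is the pattern in the case above. Privileged accounts are listed first so they are reviewed and disabled before the rest.

```python
"""Reconcile directory accounts against the HR roster and list accounts to disable.

Added example, not from the article. All data below is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Account:
    username: str
    owner_id: Optional[str]  # HR employee id the account is assigned to; None if unassigned
    created_by: str          # username of whoever created the account
    privileged: bool         # member of an administrative group
    enabled: bool


@dataclass(frozen=True)
class Employee:
    employee_id: str
    username: str
    active: bool             # False once HR has recorded the termination


@dataclass(frozen=True)
class Finding:
    username: str
    privileged: bool
    reasons: tuple


# Constructed HR roster (sample data, not from the article)
ROSTER: Dict[str, Employee] = {
    "E100": Employee("E100", "alice", True),
    "E101": Employee("E101", "bob", False),     # terminated
    "E102": Employee("E102", "carol", True),
}

# Constructed directory export (sample data, not from the article)
ACCOUNTS: List[Account] = [
    Account("alice", "E100", "itadmin", False, True),
    Account("bob", "E101", "itadmin", True, False),       # disabled at offboarding
    Account("carol", "E102", "itadmin", False, True),
    Account("itadmin", "E102", "itadmin", True, True),
    Account("svc-shipping", None, "bob", True, True),     # unassigned, created by bob
    Account("jdoe", "E999", "itadmin", False, True),      # owner unknown to HR
]


def reconcile(accounts: List[Account], roster: Dict[str, Employee]) -> List[Finding]:
    """Return one Finding per enabled account that cannot be tied to an active
    employee, privileged accounts first so they are reviewed and disabled first."""
    inactive_usernames = {e.username for e in roster.values() if not e.active}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already offline; nothing to do
        reasons = []
        if acct.owner_id is None:
            reasons.append("no owner assigned")
        elif acct.owner_id not in roster:
            reasons.append(f"owner {acct.owner_id} not in HR roster")
        elif not roster[acct.owner_id].active:
            reasons.append(f"owner {roster[acct.owner_id].username} is no longer active")
        # An account set up by someone who has since left deserves a look even
        # when it appears to have a valid owner.
        if acct.created_by in inactive_usernames:
            reasons.append(f"created by inactive user {acct.created_by}")
        if reasons:
            findings.append(Finding(acct.username, acct.privileged, tuple(reasons)))
    return sorted(findings, key=lambda f: (not f.privileged, f.username))


def usernames_to_disable(findings: List[Finding]) -> List[str]:
    """Usernames the audit could not account for, in review order."""
    return [f.username for f in findings]


if __name__ == "__main__":
    for f in reconcile(ACCOUNTS, ROSTER):
        tag = "PRIVILEGED" if f.privileged else "standard"
        print(f"{f.username:<14} {tag:<10} {'; '.join(f.reasons)}")
```

On the constructed data the audit reports `svc-shipping` (privileged, no owner, created by the terminated user) and `jdoe` (owner id HR does not recognise), while `bob` is skipped because offboarding already disabled it. Running this on a schedule, rather than only at offboarding, is what catches an account that was created in advance and never linked to its real user.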