Imagine the following scenario; Ten years ago you decided to
quit your job and start your own company. For ten years you
worked hard, made sacrifices, and it paid off in the end.
One of your first employees, a loyal, hard working employee
has been by your side the whole way.
Things were going great. Until about eight months ago.
All of a sudden, clients whom you had worked for for years
were not returning your calls or e-mails. Then, sales from
your online products site started dropping dramatically.
One day, out of the blue, that long time devoted employee
did not show up for work, nor would they return any calls.
What you did not know was that employee who you trusted with
your life had spent the last eight months intercepting /
reading all your e-mails, installing monitoring software on
your computers to watch everything you do, contacting
clients without your permission with the explicit purpose of
feeding them false information. The employee was downloading
all proprietary code for you online products store, setting
up a duplicate site on another server, and taking orders for
those products.
In another recent case, an employee of an institute of
higher learning was threatening to blackmail the executive
staff. They had been notified that any action taken against
the individual would result in loss of large amounts of
critical data and negative publicity. We were hired to
determine the validity of the threat and to collect evidence
for possible legal action. What we found was quite
disturbing. The suspect employee had installed logic-bombs
throughout the organizations network. These logic-bombs
required specific action be taken every 48 hours by the
suspect employee. If the employee did not perform a
specific task within the allotted time, for instance, if he
/ she had been terminated, the logic-bomb would execute.
There was much more to this story and none of it was
positive.
You have just been the victim of corporate fraud
------------------------------------------------
But how could this happen to you, and by someone who you
trust? It happens more frequently then you know. If you
can gather enough evidence and convince the District
Attorney to take action you might only have to spend $20,000
to $50,000 to sue this person. On the other hand, if you
can't get the District Attorney involved, it may cost you
hundreds of thousands of dollars, and you won't know what
the outcome is until it's all over!
A Few Things You Can Do
-----------------------
These are not fictional stories and everyone is equally at
risk for such an event. Make sure you have strict controls
and guidelines to keep your business safe. Any proprietary
information, whether it be code, sales information, client
lists, or financials should be well guarded. Obviously this
information must be shared with others in your organization,
but it can be done so with audit trails. As a business
owner you should know who has access to what, when, and
how.
The objective of this article is not to make people
paranoid; its purpose is to promote awareness. Most people /
employees are law abiding and productive, but don't make the
mistake of letting your guard down.
About The Author
----------------
Darren Miller is an Industry leading computer and internet
security consultant. At the website -
http://www.defendingthenet.com you will find information about
computer security specifically design to assist home, home
business and small business computer users. Sign up for
defending the nets newsletter and stay informed and empowered
to stay safe on the Internet. You can reach Darren at
mailto:darren.miller@paralogic.net or at
mailto:defendthenet@paralogic.net