We’ve said it before and we’ll say it again – disgruntled, former employees pose a major risk to your network. If you’ve been following the headlines this week, you know why we’re bringing this up again.
A former IT employee at Gucci was charged with remotely taking over the haute-couture company’s computers, shutting down servers, and deleting emails, the Wall Street Journal reported yesterday. According to the WSJ, here’s what’s happened:
Sam Chihlung Yun, 34 years old, allegedly created an account in the name of a fictional employee and used it to access the company’s network after he was fired in May 2010, prosecutors said. He allegedly caused more than $200,000 in diminished productivity, as well as remediation costs, prosecutors said.
Now Mr. Yun is being charged with a 50-count indictment for unauthorized use of a computer, unlawful duplication of computer-related material, among other charges. So, how did he do it? InformationWeek is reporting that Yun created a VPN token in the name of a fictional employee, then when he was fired he used this USB-based token to gain remote access. In the aftermath of Yun’s attack in November, Gucci staff were not able to access any documents, files, or materials saved anywhere on its network.
Frightening, right? So what can you do? Review your user log carefully and often – if you spot a red flag, investigate. Also, make sure all former employees are completely provisioned off the network and reset all the passwords and access rights following their departure.
Gucci was lucky enough to catch and prosecute its culprit — but the fashion giant would have been luckier if it had stopped the breach before it even happened.