If a member of staff leaves your business on bad terms, they may think about getting some sort of revenge. If that person has IT skills, or was one of your IT team, they may do what Adam Georgeson did. We’re sharing this with you so you can see the risk and assess whether you are suitably protected from revenge hacks…
What is a Revenge Hack?
A sacked school IT Technician who took revenge by deleting data and sabotaging his old school’s network (and by wiping the computers of everyone who was logged in) has been jailed.
As reported on Leicestershire Live, a court was told that Adam Georgeson, 29, who was dismissed from his job as an IT Technician last January at Welland Park Academy in Leicestershire, took revenge by hacking back into the school system and deleting data.
School Network Sabotaged
In the attack, Mr Georgeson sabotaged his old school’s network, thereby taking it offline for 10 days. This meant that staff were forced to work long overtime hours without payment to try and rectify the problems. Also, the attack meant that 4 staff members were unable to resume working remotely for nearly four months!
Personal Devices of Pupils Wiped
The other particularly distressing aspect of the attack was the wiping of any devices that were connected to the school’s network at the time. This meant that at least 125 devices, including those belonging to 39 families and computers at the school, had their files completely wiped. This meant the loss of personal family photographs for example, as well as important work and study files. It was reported that the school had to spend £15,600 to restore the system. This spending also meant that cutbacks had to be made on school spending elsewhere, thereby magnifying the impact of the attack.
Some of the losses reported in the attack, highlighted in personal impact statements, included:
- A full-time student, in the second year of university studies losing most of her work from the preceding 18 months, leading to her failing an exam.
- A father-of-three losing 1,000 family photographs.
- An assistant headteacher losing learning-related materials and all of his son’s GCSE coursework.
Not The Only Attack
Mr Georgeson is also reported to have carried out another cyber-attack a few months earlier on a former employer’s business. The attack on Rutland-based Millennium Computer Services, from where Mr Georgeson had been dismissed for misusing the company’s credit card to buy personal computing equipment (without permission) caused chaos to the company’s computer system, putting it out of action for 8 days.
The court was told that Mr Georgeson’s actions were the result of a crisis of depression and anxiety. The Judge, however, ruled that the motivation for the attacks were spite and revenge. After pleading guilty to two counts of unauthorised modification of computer material under the Computer Misuse Act, Mr Georgeson was jailed for 21 months.
What Does This Mean For Your Business?
This case highlights the need for businesses and organisations to have procedures and systems in place for dealing with and minimising some of the risks associated with employee exit. Although this case sounds exceptional and the former employee was found to be responsible due to malicious hacking, it should also be noted that businesses and organisations have a legal responsibility to ensure that security levels are maintained with regards to data security, and this also applies to employee exit (i.e. ‘insider threat’). In order to reduce this kind of threat, areas that businesses and organisations need to address as soon as a staff member leaves could, for example, include:
Revoking login details and rights/permissions for company computer systems and networks is absolutely the first thing you need to do when someone leaves. The second step is revoking access to the CRM, thereby protecting data relating to the company, its customers, its other stakeholders, sales, communications and more. Stop access to collaborative working apps/platforms and shared, cloud-based, remote working platforms e.g., Teams or Slack.
Let people know they’ve left
Particularly if the person leaving is customer-facing, changing the person’s personal voicemail message on the company phone, and putting an auto-response on their email, will quickly let others know who they now need to talk to.
Immediately letting the team/person responsible for IT security know that a person has left, particularly if the person left ‘under a cloud.’
Company Devices need to be returned
Ensuring that the departing staff member returns all company devices. This means having procedures in place to keep a record of which company devices have been allocated to each employee.
- Retrieval of any backup/storage media e.g., USBs may also help to prevent some security threats.
- If they have been working on their own devices (BYOD), you need to be able to wipe that data. You can see more about this in a recent blog here.
- Making sure that all company-related keys, pass cards, ID cards, parking passes, and any other similar items are retrieved.
- Retrieving any physical documents that the employee was issued e.g., a handbook that contains information and data that could threaten company security.
Protecting your business from employees isn’t something that many think about, but, unfortunately, it is absolutely something that needs to be thought about. Revenge hacks can cause a lot of damage, as the above example shows.
If you need advice, or help, with this, call us now on 020 7227 9700 or click here and we’ll call you
The core of this article was originally published here.