Imagine the following scenario; Ten years ago you decided to quit your job and start your own company. For ten years you worked hard, made sacrifices, and it paid off in the end. One of your first employees, a loyal, hard working employee has been by your side the whole way.
Things were going great. Until about eight months ago.
All of a sudden, clients whom you had worked for for years were not returning your calls or e-mails. Then, sales from your online products site started dropping dramatically. One day, out of the blue, that long time devoted employee did not show up for work, nor would they return any calls.
What you did not know was that employee who you trusted with your life had spent the last eight months intercepting / reading all your e-mails, installing monitoring software on your computers to watch everything you do, contacting clients without your permission with the explicit purpose of feeding them false information. The employee was downloading all proprietary code for you online products store, setting up a duplicate site on another server, and taking orders for those products.
In another recent case, an employee of an institute of higher learning was threatening to blackmail the executive staff. They had been notified that any action taken against the individual would result in loss of large amounts of critical data and negative publicity. We were hired to determine the validity of the threat and to collect evidence for possible legal action. What we found was quite disturbing. The suspect employee had installed logic-bombs throughout the organizations network. These logic-bombs required specific action be taken every 48 hours by the suspect employee. If the employee did not perform a specific task within the allotted time, for instance, if he / she had been terminated, the logic-bomb would execute. There was much more to this story and none of it was positive.
You have just been the victim of corporate fraud
------------------------------------------------
But how could this happen to you, and by someone who you
trust? It happens more frequently then you know. If you
can gather enough evidence and convince the District
Attorney to take action you might only have to spend $20,000
to $50,000 to sue this person. On the other hand, if you
can't get the District Attorney involved, it may cost you
hundreds of thousands of dollars, and you won't know what
the outcome is until it's all over!
A Few Things You Can Do
-----------------------
These are not fictional stories and everyone is equally at
risk for such an event. Make sure you have strict controls
and guidelines to keep your business safe. Any proprietary
information, whether it be code, sales information, client
lists, or financials should be well guarded. Obviously this
information must be shared with others in your organization,
but it can be done so with audit trails. As a business
owner you should know who has access to what, when, and
how.
The objective of this article is not to make people paranoid; its purpose is to promote awareness. Most people / employees are law abiding and productive, but don't make the mistake of letting your guard down.
About The Author
----------------
Darren Miller is an Industry leading computer and internet
security consultant. At the website -
http://www.defendingthenet.com you will find information about
computer security specifically design to assist home, home
business and small business computer users. Sign up for
defending the nets newsletter and stay informed and empowered
to stay safe on the Internet. You can reach Darren at
mailto:darren.miller@paralogic.net or at
mailto:defendthenet@paralogic.net