Tech Support Horror Stories: Disgruntled Employee Is Up to No Good


By Karl Bickmore, CEO

This week we continue our series “Tech Horror Stories.” Each post tells the story of a real-life tech-based horror story and explains best practices you can adopt to make sure it won’t happen to you. The names have been changed to protect the innocent. Last week we wrote about an $80K phishing attack. Here, we bring you the story of a disgruntled employee bent on causing harm on his way out the door.

End-of-Year Bonus

As the end of the year approaches, Sarah is excited for the company holiday party. The annual Christmas bonuses will be distributed at the party, and the company did well this year. She and her team have strategically selected several employees to receive a little extra.

David, who works in accounting, is preparing to move on to another job. He hasn’t been happy for a while, and he wants to cause some chaos before he leaves. After all, what can they do, fire him? He knows that his boss, Sarah, has access to sensitive company data, and he also knows right where it is. He just needs to gain access. He waits for her to leave her computer unattended. He knows that when she leaves for lunch, she’ll leave her entire system logged in and accessible. She does it all the time.

David sneaks into Sarah’s office right after she leaves and moves quickly. He finds the secure share folder on the server that she has access to and quickly browses through it, looking for something big. Then, a spreadsheet catches his eye. It’s not even in the secure folder—it’s on her local computer in her “My Documents” folder.

He’s hit paydirt! The spreadsheet lists all of the company’s employees, their salaries and the Christmas bonus they will receive this year. David thinks, Boy oh boy, this will upset some people! He doesn’t want to get caught emailing the file or holding a flash drive, so he quickly shares the folder over the network. Back at his workstation, he finds Sarah’s computer on the network, navigates to the shared folder and locates the spreadsheet.

To anonymize his actions, David creates a new Gmail account. Quickly, he opens a new email and puts as many employee email addresses as he can think of in the “To” line, including himself, so nobody notices he is missing from the list. With file attached, he clicks “Send” and waits for the figurative bomb to go off. And it does, big time.

When we investigated this situation, the company was in a state of chaos. Several staff members had quit, and some had been fired. It took us a while to figure out how the data had been accessed, because nobody new had been given permission to it. Once we found the data share folder and discovered the boss had a copy of the spreadsheet file on her local computer, we pieced it together.

Prevent Attacks Caused by User Error

  1. Ensure that your security policies enforce computer lock after only a few minutes. That way unattended machines left on are locked automatically.
  2. Hold end-user awareness training about the importance of logging out of the system before leaving your computer unattended and not sharing your password.
  3. Set up computer policies that prevent data from being saved on a local desktop or laptop.
  4. Create a system alert that notifies IT every time a new share folder is created in the network.
  5. Encrypt sensitive files with strong encryption that requires additional passwords to open.