No matter how good your digital security system is, and no matter how much you’ve spent on it, your weakest link is and always will be your employees themselves.
A careless or disgruntled employee can easily circumvent even the most elaborate system and cost you big money in the process.
Fortunately, the courts are coming down increasingly hard on internal hackers. Brian P. Johnson’s case is a perfect example from recent history.
He was an IT professional, working for Georgia-Pacific, who was terminated and escorted from the premises.
Angered at his abrupt termination, over the next two weeks, Johnson used his old accounts to connect to the mill’s network. He caused a variety of damage, in some cases, bringing paper production to a complete halt, stopping work for the plant’s hundreds of employees and costing the company in excess of a million dollars.
The company was suspicious, and got the FBI involved, which ultimately led to a warrant that resulted in a search of Johnson’s apartment.
That search yielded bitter fruit as the officers discovered an open VPN connection to the company’s network, which resulted in his trial. He is now serving more than three years in prison, and the company has been awarded $1.1 million in damages.
There have been relatively few hackers put on trial, but increasingly, the courts have shown a willingness to go after former company employees who seek to damage the companies that once employed them.
Obviously, the hope is that the threat of prison sentences and stiff fines will help dissuade others from pursuing a similar course of action. But, of course, for the impacted companies, the justice comes too late and is small consolation.
One thing that the digital revolution has helped to underscore is the fact that as a small to medium sized business owner, your employees are simultaneously your company’s greatest asset and your biggest potential threat. We have a post on When an Employee Leaves Your Organization for your consideration.