ACE and Chubb are now one.
 
 
ACE has aquired Chubb, creating a global insurance leader
that will operate under the renowned Chubb name.
Learn More Not Now
print   email   Share

When Former Employees Access Your System: The Risk For Employers

A Tennessee man pled guilty to intentionally accessing a competing engineering firm's computer network without proper authorization. He did it for the purpose of stealing trade secrets.

Jason Needham admitted that for more than two years, he would access the servers of his former employer to download engineering schematics and more than 100 documents. Needham also accessed the emails of a former colleague at his old firm in order to see marketing plans, project proposals, fee structures, and other documents in the company's internal document sharing system.

His unauthorized access and downloading involved proprietary business information worth approximately $425,000. DOJ "Tennessee Man Pleads Guilty to Unauthorized Access of Former Employer's Networks," www.justice.gov (Apr. 14, 2017).


Commentary

Although the press release from the Department of Justice is silent on how the former employee accessed the computer system, a strong possibility is that he was given credentials when he was an employee and the credentials were never revoked.

Another possibility is he stole credentials and impersonated another user when illegally accessing the system. As for the unauthorized email access, he used a colleague’s password.

Most employers know to deny access to employees prior to their leaving employment. However, all access points must be audited after a termination to make certain the former employee does not have another route into your system, including using access points and credentials of existing employees.

Unauthorized use is often discovered by auditing log-ins not credited to the user, especially at night or during off hours. Another best practice is to ask employees to change their credentials every 90 days at a minimum or immediately after an employee with access leaves and to never share their password with anyone, including other colleagues.

Below are some links to articles with additional information on passwords.

“I've Been Hacked. How Did They Get My Password?”

"’123456’ And Other Password No-Nos: Do You Use Weak Passwords?”

Finally, your opinion is important to us. Please complete the opinion survey:

Login

Log-in to access Training Modules, Article Archives, Model Policies and more!

Latest Numbers

Unemployment Rate

4.3% in May 2017

Payroll Employment

+138,000(p) in May 2017

Average Hourly Earnings

+$0.04(p) in May 2017

Employment Cost Index (ECI)

+0.8% in 1st Qtr of 2017

Productivity

unchanged in 1st Qtr of 2017

Source: Department of Labor

Chubb Offers for Employment Practices Liability (EPL) Insured:

Loss Prevention Reimbursement Credit

HR Acuity On-Demand

Best Practice Minute

Available presentations

What's New

Post-Hire Background Checks: The Numbers And The Risk

A new survey shows that very few employers perform post-hire background checks. We examine the numbers, but also the risk post-hire background checks present for employers. Read More

Financial Wellness Programs Are Growing In Popularity: What Are The Risks For Employers?

New study shows financial wellness programs are becoming more prevalent and important to employees. We examine the statistics and the EEO risks for employers. Read More

When Former Employees Access Your System: The Risk For Employers

A former employee, now a rival, pleads guilty to unauthorized access of his former employer's computer system. We provide the facts and some insight on what employers should consider. Read More