A Warning to all CEO’s

Ctrl IT
Ctrl IT
Aug 29, 2017 · 3 min read

Do you find your IT specialists and other industry experts are repeatedly reminding you to be vigilant when it comes to network security, confidentiality and restrictive access? Many CEOs can adopt a rather blasé attitude when it comes to actually implementing these policies but there are times when news stories remind us just how important IT security is, both internally and externally.

Lucchese Bootmaker, a high-end retailer and manufacturer of boots based in Texas, was targeted by the company’s former IT system administrator, Joe Vito Venzor. Disgruntled at having been fired, on September 1st 2016 Venzor used an active administrative account, ‘elplaser’, he had previously created on the company’s computer system to shut down the email and application servers and delete the system files which would be required to restore everything to their previous state. He changed a number of employee passwords and login details so his fellow IT administrators and other employees would be unable to counteract his moves. Venzor sent a file containing the login details of other employees to his home email address, a subsequently incriminating piece of evidence.

It took over an hour to physically remove Venzor from the building after he had been notified of his dismissal. However, the clean-up of his technological sabotage took far longer. The factory’s production line was stalled as was all activity in the warehouse and their distribution centre. Former colleagues of Venzor attempted to undo the damage he had caused but after three hours they sent home 300 employees because the company was simply crippled by the failure of their entire system. The estimated loss of sales for Lucchese Bootmaker was $100,000 and additional costs were incurred trying to get the IT systems restored over the coming days.

Venzor was immediately suspected of the attack. Further investigation discovered not only the login details on his home email account but also evidence that the attack had originated using the rogue ‘elplaser’ backdoor account, stemming from his work computer which was password-protected. In court on March 30th 2017, Venzor pleaded guilty to the charge of ‘transmission of a program to cause damage to a computer’. He will be sentenced later this year but is expected to receive up to a 10-year prison sentence and a fine of up to $250,000 to be paid to Lucchese Bootmaker.

We all want to believe that no one employed by us would be capable of such malice but this is a risk no CEO should take. Even if staff or former staff are not as technologically adept and ruthless as Venzor, they can still cause considerable damage. IT administrators are, incidentally, the biggest risk when it comes to threats from employees. Forcepoint recently released some statistics which showed 29% of employees in European companies had deliberately sent information to people not employed by the company with another 15% people taking critical business information with them when they moved jobs and a further 59% intending to do so as and when they do move. Every CEO needs to protect their company and themselves against these acts. Even if not intending to damage the business, the flippancy regarding sensitive data revealed by this survey shows former employees can be a liability.

Whenever an employee leaves (voluntarily or otherwise) implement the following processes at your company:

  • Ensure all access rights are revoked to servers and cloud host systems (Google Drive/Dropbox etc.)
  • Change passwords to systems and codes to the building
  • Retrieve their work laptops, tablets and/or mobile phones
  • Retrieve all USB sticks
  • Remind all staff to be vigilant when communicating with the former member of staff
IT Specialist
)
Ctrl IT

Written by

Ctrl IT

Here at CTRL I.T. we are proud to offer superior IT support to home users and businesses, both big and small.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade