Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

How Good is your Employee Termination Policy?

Published: 2011-06-22
Last Updated: 2011-06-22 22:22:27 UTC
by Guy Bruneau (Version: 1)
21 comment(s)

A former employee of Baltimore Substance Abuse Systems Inc. compromised his boss’ computer during a presentation and replaced some of the content with pornographic material. It is customary to have policies in place that require terminated employees to be escorted out of the building by either a security officer or member of upper level administration.

However, when it comes of terminating employees, this case highlights the importance of having a solid corporate termination policy. The actions of this former employee embarrass the company during a presentation but what if he would have deleted business critical data and trashed the backups? Or copied the business critical data (i.e. financial data, client credit card data or employees’ information) and sold it to the highest bidder?

It is important to have a policy for limiting access to corporate technical resources after an employee has been terminated. Some basic step include: disabling user account(s), changing or locking all the passwords the former employee had access to, disabling corporate e-mail access and locking down access to their personal workstation.

An email from HR using a pre-configured template to all key stakeholders with a mean of reporting back to HR, confirming the work has been completed, would help prevent this kind of malicious activity. Of course, the account(s) should be monitored to detect potential unauthorized access. Do you have similar horror story to share?

[1] http://www.dailymail.co.uk/news/article-2006962/Fired-IT-manager-hacked-companys-swapped-boss-digital-presentation-porn.html?ito=feeds-newsxml
[2] http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-computer-hacking-sentence-20110621,0,857376.story
[3] http://nakedsecurity.sophos.com/2011/06/22/hacker-ceo-presentation-porn/
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

21 comment(s)

WordPress Forces Password Reset

Published: 2011-06-22
Last Updated: 2011-06-22 00:24:16 UTC
by Guy Bruneau (Version: 1)
2 comment(s)

WordPress is currently investigating a series of "[...] suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory." [1]

If you have a WordPress.org, bbPress.org and BuddyPress.org account, you will be required to choose a new password. You can change your password here.

[1] http://wordpress.org/news/2011/06/passwords-reset/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

2 comment(s)
Diary Archives