When Former Employees Access Your System: The Risk For Employers

A Tennessee man pled guilty to intentionally accessing a competing engineering firm's computer network without proper authorization. He did it for the purpose of stealing trade secrets.

Jason Needham admitted that for more than two years, he would access the servers of his former employer to download engineering schematics and more than 100 documents. Needham also accessed the emails of a former colleague at his old firm in order to see marketing plans, project proposals, fee structures, and other documents in the company's internal document sharing system.

His unauthorized access and downloading involved proprietary business information worth approximately $425,000. DOJ "Tennessee Man Pleads Guilty to Unauthorized Access of Former Employer's Networks," www.justice.gov (Apr. 14, 2017).


Commentary

Although the press release from the Department of Justice is silent on how the former employee accessed the computer system, a strong possibility is that he was given credentials when he was an employee and the credentials were never revoked.

Another possibility is he stole credentials and impersonated another user when illegally accessing the system. As for the unauthorized email access, he used a colleague’s password.

Most employers know to deny access to employees prior to their leaving employment. However, all access points must be audited after a termination to make certain the former employee does not have another route into your system, including using access points and credentials of existing employees.

Unauthorized use is often discovered by auditing log-ins not credited to the user, especially at night or during off hours. Another best practice is to ask employees to change their credentials every 90 days at a minimum or immediately after an employee with access leaves and to never share their password with anyone, including other colleagues.

Below are some links to articles with additional information on passwords.

“I've Been Hacked. How Did They Get My Password?”

"’123456’ And Other Password No-Nos: Do You Use Weak Passwords?”

Finally, your opinion is important to us. Please complete the opinion survey:

Select an Industry