Case Study – Business collapses after angry ex-employee deleted every single file

In a recent blog with National CRC Member Redstor, we looked at how employees can be a potential threat to your businesses cyber security. One of the threats we explored was from a ‘vengeful wrongdoer’, an employee, who for whatever reason deliberately wants to cause harm to your business.


You may think that as a small business without many employees it’s unlikely to happen to you, but only last month a woman was convicted after she maliciously deleted all the files of a business which ultimately resulted in its collapse.


The woman was previously a Director of the company but resigned in March 2018. She told police she had been angry with its director, a former business associate.

She knew the password to the main company email account and used this access to force a password reset for the ‘Dropbox For Business’ account where the company held all its documentation including payroll details, design and print material, customer records, and so on.


Then over a period of about 5-6 hours on Bank Holiday Monday in August 2018, she used her unauthorised administrator access to permanently delete every single file that the company held, which was over 5000 documents. To do so she had to remove all other users’ access to the documents, then delete them, and then remove the files from the trash folder so that they were permanently deleted.


The remaining director and company staff came to work the next morning and found that their entire business had effectively been deleted overnight. The company spent £35,000 to try and recreate some of their core data and start trading again but it was not enough to save the business and it collapsed with approximately 60 job losses.


The personal cost to the Director, as he tried to salvage the firm was in excess of £60,000, and the psychological impact was very heavy.

The person responsible for the attack pleaded guilty to three Computer Misuse Act offences and was sentenced to an 18-month community order and 80 hours’ unpaid work.

What steps can you take as a business to prevent something similar happening to you?

  • Make sure you have a robust process for removing user accounts and access when an employee leaves the business no matter how senior they are

  • When someone leaves the business ensure all passwords are changed to areas with shared access, including passwords used to access the website or social media accounts

  • Carefully consider where you store files and who can access them

  • Limit the number of people who can access business critical files which contain personal employee data such as payroll details

  • Backup your important data, and make sure that these backups are recent and can be restored.

  • Consider whether cyber insurance should be part of your cyber security strategy

The SECRC can help businesses ensure they have the right processes in place to mitigate the risks of suffering an incident like this. Our Security Policy Review will help you ensure your policies are modern, robust and aid not just network security, but usability. A report of recommendations based on your current policy and your business are provided at the end of our review.

If you would like further information about how we can support you, get in touch with the team:

https://www.secrc.co.uk/contact-us


South East CRC White copy.png

USEFUL LINKS

CONNECT WITH US

  • LinkedIn
  • Twitter

© 2020 - The Cyber Resilience Centre for the South East