Using work computers for personal use can have unintended consequences.
Employers may have added more resilience with the proliferation of Work-From-Home (WFH) strategies, but they also inherited some headaches. Here’s what we mean.
A Scenario That Can Easily Happen To Anyone
Harry had been working from home since the pandemic started using his company-issued laptop to log into the corporate network.
Harry works in the HR department and deals with highly confidential data, so he had admin-level rights to the network. As a result, he often copies classified documents from the server to his laptop to work on them and then copies modified versions back to the server when finished. He knows he shouldn’t do that, but it is easier since he typically works on files over several days.
One Friday night after a long week, Harry’s 12-year old daughter, Nikki, asked if she could use the computer to log onto her school’s website to download assignments for Monday. Covid-19 required all children to work remotely as well.
Although Harry had some misgivings, he thought, “what’s the harm?” and allowed it anyway.
After getting her assignments, Nikki decided to look for cool music videos on the web she could share online with her friends.
Shortly afterward, Nikki came running to Harry, claiming that something was wrong with the computer. Harry rushed in and saw the hideous ransom note on the screen saying all files were encrypted and he had 24 hours to pay the ransom or lose his data forever.
Harry had a sinking feeling in the pit of his stomach because earlier that morning, he downloaded the company’s Payroll file containing names, addresses, pay data, email addresses, and social security numbers. He knew he was in big trouble, so he kept quiet until Monday morning when he came clean with his manager.
Disaster Strikes With Catastrophic Results
The criminals responsible for the ransom demand on Harry’s computer could hardly believe their good fortune. Before sending Harry the ransom note, they downloaded all of Harry’s files.
Criminals are energetic, if anything else, so they didn’t waste time, they infiltrated the corporate network using Harry’s admin account and accessed more confidential documents. They didn’t need Harry’s ransom money—they had bigger fish to fry! They immediately sold the data on the Dark Web.
Then the hackers extorted the company, upping their ransom demand by thousands of dollars, and threatened to expose the data on the web if they didn’t pay up.
Even though they had viable backups, Harry’s company paid the ransom to keep the data off of the internet. But, as we said before, the data was already sold. As the saying goes, “there is no honor among thieves.”
Harry was fired that Monday, but the damage was already done.
What Were The Red Flags?
- Harry was operating his computer with administrative rights rather than using a basic user-level account for everyday work. So, hackers had full rights to the corporate network.
- Harry should NEVER have saved confidential company data on this laptop. All data should be saved to the company’s servers where it could be adequately protected. Allowing files to be copied to individual PCs makes it almost impossible to backup and protect appropriately. This also causes multiple versions of files to exist.
- Harry should never had his daughter, or any family member, use his work computer. Even though the device has the latest security software, users can bypass security measures by clicking infected links or downloading bogus attachments, especially with an admin-level account.
All companies, large and small, need IT policies to govern behavior in addition to the latest cyber tools to protect data. However, management can do very little when an employee disregards the rules and intentionally bypasses policies and security measures.
The only defense against this is monitoring the network for suspicious activity, and once found, remediate as quickly as possible. Additionally, all companies should have a robust Security Awareness Training program to teach employees how to keep themselves and their companies safe.
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection. Call (845) 362-9675 for a free consultation.