- Tim Busco
Internal IT, The Risks
I found this story interesting because it was about an internal IT employee. For supporting the company employees, he was given the passwords and network credentials for them. This would allow him to remotely access their computers to address technology issues. With that access, he started to read the emails of the CFO and others to learn about business deals before they became public. With the information, he was able to make a profit with the stocks that he purchased. In two years he made $330,000. After he had left the company, he was still able to access the accounts because he had also taken a company laptop which allowed him to access the company's network. The company discovered unauthorized access through enhanced monitoring practices. They then notified the FBI.
The company could have stopped this from happening if the first thing was not to give out the account access to the IT team. With a policy of changing passwords often would have made it harder for him to access the accounts. The remote access set up should have been changing so even with a company laptop; he should not have been able to access the network.
