Another blow has been struck to US companies wishing to do business in the European Union, as the ‘Privacy Shield’ regulation which allowed EU citizen data to be transferred to and processed in the US has been deemed invalid by the European Court of Justice. Privacy Shield was itself designed to replace an older data transfer mechanic/regulation called ‘Safe Harbor’, which also met the wrath of European lawmakers back in 2015.
A 58 year old woman in the UK has become one of a handful of people ever convicted under the Computer Misuse Act 1990 after committing an act of ‘revenge’ against a former business associate, causing a new company to cease operations and lay off staff.
The woman, Danielle Bulley, was formerly a director at successful UK-based property magazine Property Press, alongside co-director Alan Marriott. When Bulley and Marriott fell out in 2018, Bulley left the company and Marriott started a new venue called Letterbox Productions – using former assets from Property Press.
After Property Press went into liquidation, Marriott started a new company called Letterbox Productions without Bulley – however the new venture used former Property Press assets.
Upon learning of the new company and angry at her former co-director, Bulley engaged in a revenge mission to gain unauthorised access to its Dropbox account and spent hours deleting the contents. Over 5,000 files were permanently erased, causing damage to Letterbox Productions so great that it could no longer function and had to shut down, laying off all its staff in the process.
Bulley admitted to deleting the files when speaking to authorities, stating that she believed she was entitled to do so, but acknowledging that she knew the move would cause harm to the fledgling business.
Bulley was sentenced to an 18 month community order with 80 hours of unpaid work under the Computer Misuse Act 1990, becoming one of only a handful of people to be convicted using the legislation. Bulley had no previous convictions or offenses.
In a statement from the North Yorkshire Police’s Cyber Crime Unit, Detective Constable Steven Harris said “During our investigation, it became clear that Bulley had left the original company on a bad note, but the deletion of thousands of files containing vital information was catastrophic for the victim.”
“It dealt the new business a blow from which it never recovered. Ex-employees can pose a serious risk to a business because they are familiar with the company’s IT infrastructure and procedures. This can make it easier for them to carry out cyber crimes against their former organisation.”
“We encourage businesses to ensure they have policies in place for removing user accounts and changing passwords when an employee leaves an organisation.”
The incident highlights the need for strict user access controls and stringent leaver procedures along with regular backups to another secure location. As the North Yorkshire police rightfully pointed out, former employees pose a unique threat in that they have inside knowledge of the business and are familiar with its infrastructure, especially if they are in high-level positions or sensitive departments such as finance or IT.
When a user leaves, their accounts should be disabled and their passwords changed. Where possible, multiple users should never share login details for generic/shared accounts – if this cannot be avoided, then the password must be changed whenever users leave. Multi-factor authentication should be used where possible to prevent unauthorised access.
And of course, if you are angry at a company you used to work for, we strongly advise against committing criminal acts which will only make the situation worse for everyone.
Judge Simon Hickey noted that Bulley was a respectable woman who had acted on impulse and lost her good character to chase revenge.
Microsoft has released a statement warning users to stay vigilant of phishing emails, as a malicious campaign has been detected which tricks users into downloading an Excel sheet containing harmful software. The criminals responsible are taking advantage of the confusion around Covid-19, as many others have been doing lately, to convince users that the emails are genuine and to enable macros within Excel once the file has been downloaded to their computer.
Just a few months ago, it would be unimaginable that so many of us would be working from home. While more and more companies had been allowing some users to work remotely to some degree, the situation that we now find ourselves in is that a significant chunk of the workforce is now working from their homes, on very short notice.
As the Covid19 pandemic grips the world, cyber criminals have seen this increased online activity and confusion as an opportunity for them to take advantage of, and have stepped up phishing and scam attacks. We’ve already covered some of the main threats to look out for in another article, but now we’d like to share some of our tips on making sure you protect your company and your family’s data while working from home.
Here at Tech Guard, we’ve come up with a handy list of our top security tips for those who find themselves suddenly working from home.
These are undoubtedly strange times we are living in, with unprecedented changes taking place in our lives all over the globe in order to fight the pandemic that is Covid19. Suddenly, a sizeable chunk of the workforce is working from home, in many cases for the first time. Companies are scrambling to put in place plans to accommodate this, working out whether to allow users to use their own devices, or provide company laptops or desktops for any displaced staff. Moreover, many people are out of work altogether and confined to their homes, spending significantly more time than usual browsing the internet, looking for the next clue online that will bring some certainty to their lives around the crisis they are living through.
With such a shift in online activity comes great challenges for technology companies and IT teams in ensuring their users are safe and their precious company data is secure – meanwhile cyber criminals have seen crisis as opportunity; the misfortune of others is a chance for them to take advantage of the confusion and make some extra money.
The Covid19 pandemic is the perfect storm for cyber criminals to up the ante. Confusion reigns among users and misinformation is rife. Users who would normally be at work are now accessing the internet from home devices, which typically are not sitting behind the advanced firewalls, email filters and policies put in place by their organisations to protect them against malicious activity.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.