14 Nov Forensic IT security – Do ‘insiders’ pose a threat?
Just because someone works for your organisation it doesn’t mean they’re a safe bet. Your staff might disagree with the way you treat them, your customers or your suppliers. They might feel uncomfortable about the direction you’re going in or your products and services. And while some businesses manage to create some form of genuine employee loyalty, for many people ‘loyalty’ is something we only really feel for our friends and family, not the companies we work for. Here’s a salutary tale about insider mischief, a sorry tale starring Donald Trump himself.
Trump’s Twitter account suspended by a staff member
Have you heard about the Twitter staff member who, on their last day with the network, suspended Donald Trump’s account? As it happens the move drew praise and disapproval in equal measure thanks to the US president’s controversial personality, unusual way of doing things and seeming immunity to the rules that ordinary mortals who enjoy the social network have to live by.
At first Twitter blamed human error for the eleven-minute-long silence. For a while there were rumours that Trump’s account might have been hacked, since he’s famous for poor security standards. In the early days, for example, the president apparently insisted on using his old, unsecured Android phone rather than a secure encrypted mobile approved by the US Secret Service.
It was later revealed that a Twitter staff member on their last day with the network deactivated Trump’s personal account in a deliberate act. Twitter at first claimed it was a matter of human error, then admitted their employee did it on purpose. Now the network is carrying out a ‘full internal review’.
Trump himself Tweeted that the incident was proof that his Tweeting was having an impact. But there have long been strong ongoing calls for Twitter to suspend the president’s account over his inflammatory threats to North Korea, abusive attitude to women and more, all things that many feel he shouldn’t get away with, behaviour that ordinary people’s Twitter accounts are usually suspended for.
The story from the perspective of IT security issues
To us, the story points to a number of failings on both sides. As far as Trump himself is concerned one would hope the incident acted as a shot across his bows, suggesting that security is a lot more important than he currently gives it credit for. It also suggests that a measure of subtlety might be more appropriate for his Twitter activity in future, since outraging the online community can have dire consequences.
At the Twitter end of things it suggests insufficient staff background checks, missing or ineffective staff termination procedures and a severe lack of internal security controls, all of which make Twitter look like a fairly lax company, which would surely in turn worry investors as well as its many high profile and celebrity users. On the other hand the US president is so very unpopular that maybe nothing Twitter could have done would prevent that staff member using their last day at the network to make a very public point.
Could you imagine a staff member of yours resorting to something like this on their last day with you? If the answer is ‘no’, you could end up in big trouble. Where forensic IT is concerned it’s always better to be safe than sorry, always best to expect the worst. If you’d like help securing your IT systems, we’d love to help.