i-medIT Blog

At i-medIT, we provide a comprehensive range of computer and technology solutions to small business owners and Ambulatory Health Care entities. We specialize in helping companies focus on their business by leveraging IT to serve their goals and objectives rather than being a distraction. Customers come to us for managed services, healthcare IT, project management, IT consulting, HIPAA Compliance, PCI Compliance, server virtualization, and data backup. These core services help our customers run their own companies and take their business goals to the next level.

“It Redirected Where?” -- A Case Study in Security Precautions

“It Redirected Where?” -- A Case Study in Security Precautions

Imagine what it would be like to discover that your website was suddenly redirecting to content that was decidedly more... adult... than what should be representing your business. For a company in Phoenix, Arizona, this was the unfortunate reality after they had let their IT administrator go.

The administrator, Tavis Tso, created a web in which he attempted to snare a client in an extortion scam. After lying to the client, claiming that he didn’t have their credentials to login to their GoDaddy domain registrar account, Tso changed the credentials to the GoDaddy accounts and created a separate Microsoft account that gave him considerable power over his target. His first steps were to block employees from accessing their email accounts and to redirect the company’s home page to a blank webpage. Tso then demanded $10,000 from the company to fix the problem that he had caused.

The company did not comply with his demands.

Once it was clear that the company wasn’t going to cooperate with Tso, the cybercriminal upped the ante. Rather than just redirecting the company’s home page to a blank site, Tso redirected all of the website’s traffic to a pornographic website. This redirect took several days to resolve.

Tso was ultimately sentenced to four years of probation, in addition to $9,145 as restitution for a count of wire fraud. While it is nice that a cybercriminal has been brought to justice, the damage done will be hard to undo, as he had considerable access to his company’s systems.

Would your business be able to recover from an incident like this? A good first step is to ensure your recovery is to reconsider the permissions of the users on your network--and more importantly, the permissions of former users. There is no reason to grant access to your IT where it is not needed, and there is no reason to keep an IT resource on your system once they are no longer part of your organization.

i-medIT can help you to make these changes, as well as many others that will benefit your IT and your network security. Reach out to us at 630-549-6199 to start a discussion.

For Better Business Communications, Choose VoIP
Tip of the Week: Use Google Doc Tables to Organize...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 21 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite