Lessons from a $600,000 Cyber Blunder– Protecting Your Small Business

Monday, June 17, 2024

In a world increasingly driven by digital data, cybersecurity is no longer just a buzzword but a fundamental necessity. A vivid reminder of this necessity rolled out in a recent high-profile incident involving National Computer Systems (NCS), where a former staff member, exploiting still-active user credentials, managed to delete all 180 of the company’s test servers, culminating in a staggering $600,000 blow to the firm.


For small businesses and nonprofits, the stakes are uniquely high. Resources are tighter, and recovery from such financial impacts is much more arduous. This very scenario underscores the imperative for robust security systems that are both efficient and manageable.

The Incident at a Glance

The moment Kandula Nagaraju decided to delete NCS's test servers using access that should have been revoked upon his termination, he highlighted a gaping vulnerability that many businesses overlook: access management. His actions not only led to significant financial repercussions for NCS but also put personal data at risk, showcasing a nightmare scenario for any business owner.

Key Takeaways for Small Businesses

  • Insider Threats Are a Significant Risk: While external cyber threats often grab headlines, insider threats can be equally, if not more, damaging. Employees with access to sensitive systems and data pose a potential risk if their access is not properly controlled and monitored.

  • Financial Implications of Inadequate Security Measures: The financial fallout from such incidents can be devastating, particularly for small businesses that may not have the resources to recover easily. The $600,000 loss in this case serves as a stark reminder of the high stakes involved.

Lessons Learned

Importance of Employee Offboarding

  • Properly Revoking Access Immediately After Termination: Ensuring that all access rights are revoked immediately after an employee leaves the organization is crucial. This includes disabling accounts, changing passwords, and retrieving company-owned devices.

  • Implementing Strict Offboarding Procedures: Establishing and following strict offboarding protocols can prevent former employees from accessing company systems and data post-termination. This process should be standardized and automated wherever possible to avoid human error.

Access Control Measures

  • Using Role-Based Access Controls (RBAC): Implementing RBAC ensures that employees only have access to the information necessary for their roles. This minimizes the risk of unauthorized access to sensitive data.

  • Ensuring Least Privilege Access: Adopting a least privilege approach means giving employees the minimum levels of access—or permissions—necessary to perform their job functions. This reduces the potential damage that can occur if an account is compromised.

Lockwell’s Solutions to Prevent Insider Threats

Automated Security Center (A-SOC)

Lockwell’s Automated Security Operations Center (A-SOC) is designed to monitor and detect unusual activities in real-time. By leveraging advanced AI and machine learning, A-SOC can identify potential threats so you can take immediate action.

  • Example of Automated Alerts and Actions: If unusual activity is detected, such as an employee attempting to access restricted areas or downloading large amounts of data, A-SOC will automatically alert administrators and can even restrict access until the threat is assessed.

Team Password Manager 

Ensuring the security of passwords is fundamental to protecting your business. Lockwell’s Team Password Manager  helps enforce strong, unique passwords and integrates multi-factor authentication (MFA) for added security.

  • Regularly Updating and Managing Access Credentials: Lockwell’s password manager ensures that passwords are regularly updated and managed, reducing the risk of compromised credentials.

Threat Intelligence Integration

Lockwell’s threat intelligence tools continuously monitor for compromised credentials and suspicious activities.

  • Proactive Measures: Proactive measures, such as sandboxing suspicious emails and monitoring the dark web for leaked credentials, help prevent threats before they can cause damage.

Wrapping Up

The NCS incident is a stark reminder of what's at stake in the digital world. Insider threats can be just as damaging as external attacks, and small businesses must take proactive steps to protect themselves. By implementing proper offboarding procedures, access controls, and leveraging advanced cybersecurity solutions like Lockwell,you can significantly reduce your risk. Lockwell is here to help small businesses like yours navigate these challenges and ensure you have the protection you need to thrive in today’s digital landscape.