An insider leaves to set up his own competitive company, and he accesses his former employer's systems to steal intellectual property and marketing plans — for two years.

We’ve written about the insider who wreaked havoc on a company after he resigned. We’ve also written about the executive who is recruited away by a competitor and is alleged to have taken his employer’s intellectual property (IP) with him on the way out the door. But we haven’t discussed the former employee who resigns to create a company that competes against you and uses continued access to remain competitive — until now.

Jason Needham used to work at Allen & Hoshall, a design and engineering company located in Memphis, Tennessee. Needham resigned and co-founded a competing company, HNA-Engineering, but he didn’t leave Allen & Hoshall’s presence. No, he helped himself to the labors of his former employer, and he did it from afar.

According to the Department of Justice:

Needham admitted to repeatedly accessing, over a nearly two-year period, Allen & Hoshall’s servers to download digitally rendered engineering schematics and more than 100 PDF documents containing project proposals and budgetary documents. Needham also admitted to accessing, on hundreds of occasions, the email account of a former colleague at Allen & Hoshall, which provided Needham access to the firm’s marketing plans, project proposals, company fee structures and the rotating account credentials for the company’s internal document-sharing system. Needham used his unauthorized access to view, download and copy proprietary business information worth over $500,000.

That’s a mouthful.

According to court documents, Needham left Allen & Hoshall in 2013 and co-founded HNA Engineering (HNA) in Arlington, Tennessee.
The GovTribe listing for HNA identifies Needham as the point of contact for “government business.” It’s important to note from the outset that Needham’s business partner at HNA warned Needham against taking these actions.

Needham had normal, authorized access to Allen & Hoshall’s FTP servers during his period of employment. When he left Allen & Hoshall, his access credentials were revoked and terminated (2013). It is not explained in the court documents how, with his access credentials revoked, Needham managed to continually access the FTP servers from 2014 to 2016. According to Allen & Hoshall, those who had access were limited to people within Allen & Hoshall who had a need to know and the client. What is known is Needham downloaded a boatload of data (as detailed above).

Needham also accessed the email of a former Allen & Hoshall colleague. Again, the court documents do not reveal how Needham came to have the log-in credentials for the employee’s email. What is known is that via this individual’s email account, Needham had access to the business side of Allen & Hoshall (as detailed above).

Strong off-boarding process needed

What could Allen & Hoshall have done better during the off-boarding of Needham to obviate the risk of his access? The court documents show us that Allen & Hoshall changed their FTP password credentials and that the defendant circumvented the change. One may speculate this access was made possible through his having compromised the email of his former colleague.

We don’t know if Allen & Hoshall had data loss protection technologies in place that would have highlighted Needham’s IP address as both unexpected and unauthorized. We do know that when the IP logs were inspected, Needham’s IP address was noted as having accessed the email of his former colleague, thus there were logs present. If the FTP servers and email access required multifactor authentication, would Needham have been thwarted?
And though malevolent in intent, would he have been denied access from the outset?

The bottom line: Your trusted insider is trustworthy — until they aren’t. When an employee leaves, make sure the off-boarding process is comprehensive. And let colleagues and customers know the employee has departed and that access control lists are being adjusted and credentials reissued.

Greed is a primary motivator for individuals to bend the rules and purloin the IP of others for their own benefit.

And yes, Needham was sentenced to 18 months in prison, with two years of supervised release, and ordered to repay Allen & Hoshall $173,393.71.
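The log review discussed above can be run routinely rather than after the fact. The following is an added example, not taken from the article or the court documents: it correlates mail and FTP authentication records and singles out outside addresses that log in to both, since a client address is expected on the FTP server but never on a staff mailbox. The log format, network range, account names, addresses and dates are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the office network staff normally log in from (documentation range).
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample records: timestamp service account source_ip result
SAMPLE_LOG = """\
2015-03-02T08:14:10 mail colleague 192.0.2.15 success
2015-03-02T22:41:55 mail colleague 203.0.113.77 success
2015-03-02T22:47:03 ftp projects 203.0.113.77 success
2015-03-03T09:02:31 ftp projects 198.51.100.9 success
2015-03-09T23:05:12 mail colleague 203.0.113.77 success
2015-03-09T23:11:48 ftp projects 203.0.113.77 success
2015-03-10T10:30:00 ftp projects 198.51.100.23 failure
"""

def is_expected(ip):
    """True when the address belongs to one of the expected networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXPECTED_NETS)

def external_logins(log_text):
    """Summarise successful logins from outside the expected networks, per source IP."""
    hits = defaultdict(lambda: {"services": set(), "accounts": set(), "days": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, service, account, src_ip, result = parts
        try:
            if result != "success" or is_expected(src_ip):
                continue
        except ValueError:
            continue  # source field is not an IP address
        hits[src_ip]["services"].add(service)
        hits[src_ip]["accounts"].add(account)
        hits[src_ip]["days"].add(ts.split("T")[0])
    return dict(hits)

def cross_service_sources(log_text):
    """Outside IPs that authenticated to more than one service (mailbox and FTP)."""
    summary = external_logins(log_text)
    return sorted(ip for ip, h in summary.items() if len(h["services"]) > 1)

if __name__ == "__main__":
    for ip in cross_service_sources(SAMPLE_LOG):
        info = external_logins(SAMPLE_LOG)[ip]
        print(ip, sorted(info["services"]), sorted(info["accounts"]), sorted(info["days"]))
```

On the sample data the client address appears only against FTP and is not reported, while the single outside address that reads a staff mailbox and then uses the shared FTP login is.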