Need Another Reason to Remove User Accounts?

Luis Robert Altamirano was charged with computer fraud and sentenced to 18 months’ imprisonment, three years of supervised release, and a fine of $50,000.    Altamirano was employed as a computer specialist from July to December 2007 by United Way of Miami-Dade (UWMD).   Approximately one year after he left UWMD’s employ,   Altamirano accessed United Way’s network without authorization.  He deleted multiple  files from the organization’s servers, and disabled the voice mail system. He was able to prevent callers from leaving messages for and prevented UWMD employees from accessing their voice mail accounts. Special Agent in Charge John V. Gillies, “As illustrated by this case, computer intrusions are very damaging to businesses. “

How did Altamirano accessed the system? Accessed his former user account or another account in which he knew the password? Were the accounts ever disabled or deleted?  It is important for any business to regularly review all user accounts for computer systems, voice mail systems, and building security systems. User accounts should be disabled immediately upon notice that an employee is leaving the organization. The next step, the user accounts should be deleted within the next three months to ensure that access privileges are denied.   Auditing user accounts is an important housekeeping task for technology department and is an easy way to protect a business from hostile or curious ex-employees.

To read more about Altamirano, check out the Department of Justice Press Release: