When a spy takes over IT at your company
John is my “IT Genius.” I trust John, and that’s how it should be when you hire someone who works in IT. They have access to everything.
It’s also the reason North Korean IT workers are infiltrating American companies. Read on to learn how this works.
What you see may not be what you get
The U.S. Treasury Department and the FBI have a warning for anyone hiring for IT positions. Dozens of Fortune 100 companies have unknowingly brought on North Korean IT workers pretending to be Americans.
Backed by the North Korean government, they apply for jobs using stolen identities, leaving a trail of seemingly legitimate info that passes through HR without a hitch. Their applications may even include AI-enhanced photos.
Once they’re hired, usually working remotely, they hide their actual locations by using VPNs or falsified IP addresses to make it appear they’re based in the U.S. In many cases, their earnings go right back home to fund North Korea’s weapons programs.
‘The Supreme Leader is my real boss’
In May, federal prosecutors charged an Arizona woman who helped North Korean operatives impersonate U.S. citizens. All told, the scheme led to inside IT jobs at more than 300 American companies, including many in the aerospace and tech industries.
If you think your company’s HR team is too sharp to be deceived by a fake applicant, think again. This summer, a big security software company, KnowBe4, was duped into hiring a North Korean tech worker. Their HR department believed they’d onboarded a qualified U.S. IT specialist.
Nope — it was someone using the stolen identity of a U.S. citizen. The man passed multiple rounds of video interviews, and standard background checks verified his (stolen) identity as legitimate.
The company only realized something was up when the guy installed malware on a company-issued Mac. It was likely an info stealer, a program designed to extract data stored on web browsers or gather information left on the device.
Do your homework
Here’s how to spot a phony candidate during the interview process, along with some new-hire red flags:
- Amp up your interviews. Use a background check service that includes biometric confirmation. Even for remote positions, you want to chat with the candidate and see how they react in real time. A long lag before their responses could mean someone is feeding them answers.
- Start slowly. If you bring on a new IT person, don’t give them immediate, full access to all your company’s sensitive data. Their accounts shouldn’t get full remote administration access until you trust they are who they say they are.
- Keep an eye out. Consider installing software that monitors their activity and alerts you to any strange behavior, like accessing restricted files or downloading files en masse.
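To make the "keep an eye out" advice concrete, here is an added example (not from the original article) of the two checks it names: access to restricted files and downloading en masse. The event format, the restricted-folder policy, the user names and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-audit events: (ISO timestamp, user, action, path).
EVENTS = [
    ("2024-09-03T09:00:05", "alice", "read", "/shares/eng/design.md"),
    ("2024-09-03T09:01:10", "newhire", "read", "/shares/finance/payroll.xlsx"),
] + [
    (f"2024-09-03T02:14:{s:02d}", "newhire", "download", f"/shares/eng/src/{s}.zip")
    for s in range(0, 60, 5)          # 12 downloads inside one minute, at 2 a.m.
] + [
    ("2024-09-03T10:30:00", "alice", "download", "/shares/eng/build.zip"),
]

# Assumed policy: folder prefix -> users allowed to touch it.
RESTRICTED = {"/shares/finance/": {"cfo", "payroll-admin"}}
BURST_LIMIT = 10                      # assumed: downloads tolerated per window
WINDOW = timedelta(minutes=5)         # assumed: sliding window length

def find_alerts(events):
    """Return (timestamp, user, kind, detail) tuples in chronological order."""
    alerts = []
    recent = defaultdict(deque)       # user -> download times still inside the window
    bursting = set()                  # users already alerted for the current burst
    for ts, user, action, path in sorted(events):
        when = datetime.fromisoformat(ts)
        # Check 1: any touch of a restricted folder by someone not on its list.
        for prefix, allowed in RESTRICTED.items():
            if path.startswith(prefix) and user not in allowed:
                alerts.append((ts, user, "restricted_access", path))
        if action != "download":
            continue
        # Check 2: more than BURST_LIMIT downloads inside the sliding window.
        q = recent[user]
        q.append(when)
        while when - q[0] > WINDOW:
            q.popleft()
        if len(q) > BURST_LIMIT:
            if user not in bursting:  # alert once per burst, not once per file
                bursting.add(user)
                alerts.append((ts, user, "mass_download", f"{len(q)} downloads"))
        else:
            bursting.discard(user)
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```

The sample data produces one mass-download alert and one restricted-access alert, both for the `newhire` account, and none for `alice`.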
What to do when your IT person leaves
If you’re saying goodbye to an IT person, don’t leave anything to chance. An IT employee likely had access to the heart of your business — every server and database, as well as sensitive customer data. So, when they walk out the door, make sure you’ve covered all your bases.
Step 1: Cut all access immediately. This doesn’t just mean changing a password or deactivating an email account. We’re talking about a full lockdown — email accounts, shared drives, admin portals and any cloud tools your ex-IT person touched. Leaving even one account open can expose your business to big risks.
Step 2: Collect devices and wipe them clean. Retrieve every company-owned laptop, phone or tablet you can and wipe them securely.
Step 3: Update every admin password. Your IT person likely had the keys to your kingdom. Now that they’re leaving, change those locks! Update your administrator-level passwords across all your systems, from servers to CRM tools. And don’t forget your VPNs and single sign-on (SSO) accounts — leaving just one unprotected is like leaving a window open.
Step 4: Set up monitoring for post-exit activity. Sometimes, an ex-IT person might try to log back in after they’ve left your company. Set up monitoring to catch any unusual login or access attempts from their previously used accounts or devices. This can give you peace of mind and show you if anything was overlooked.
Step 5: Keep a paper trail. Document every action you took to protect your data after your IT person left. If things get messy down the road, having a clear record of your security steps can save you from a major headache.
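Steps 4 and 5 can be combined in one small check, shown here as an added example that is not part of the original article: it scans sign-in events for anything after the exit time that uses a former account or device, then renders the findings as dated records for the paper trail. The offboarding record, the log fields and every account and device name are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed offboarding record for a departed IT employee (illustrative values).
DEPARTED = {
    "person": "jdoe",
    "exit_time": "2024-10-01T17:00:00+00:00",
    "accounts": {"jdoe", "jdoe-admin", "svc-backup"},  # personal, admin and shared logins
    "devices": {"LAPTOP-0417"},
}

# Constructed sign-in events, as they might be exported from SSO, VPN or CRM logs.
SIGNINS = [
    {"time": "2024-10-01T16:20:00+00:00", "account": "jdoe", "device": "LAPTOP-0417", "system": "sso", "result": "success"},
    {"time": "2024-10-02T03:11:00+00:00", "account": "jdoe", "device": "LAPTOP-0417", "system": "sso", "result": "failure"},
    {"time": "2024-10-02T03:15:00+00:00", "account": "svc-backup", "device": "unknown", "system": "vpn", "result": "success"},
    {"time": "2024-10-02T09:00:00+00:00", "account": "asmith", "device": "LAPTOP-0522", "system": "sso", "result": "success"},
    {"time": "2024-10-03T22:40:00+00:00", "account": "asmith", "device": "LAPTOP-0417", "system": "crm", "result": "success"},
]

def post_exit_findings(record, signins):
    """Flag every sign-in after the exit time that uses a former account or device."""
    exit_time = datetime.fromisoformat(record["exit_time"])
    findings = []
    for ev in signins:
        if datetime.fromisoformat(ev["time"]) <= exit_time:
            continue                  # activity before the exit is expected
        reasons = []
        if ev["account"] in record["accounts"]:
            reasons.append("former_account")
        if ev["device"] in record["devices"]:
            reasons.append("former_device")
        if reasons:
            # A success means something was missed in Steps 1 to 3; a failure
            # means the lockout held but someone is still trying.
            severity = "critical" if ev["result"] == "success" else "warning"
            findings.append({**ev, "reasons": reasons, "severity": severity})
    return findings

def audit_lines(record, findings):
    """Render findings as JSON lines for the written record kept in Step 5."""
    checked = datetime.now(timezone.utc).isoformat(timespec="seconds")
    return [json.dumps({"checked_at": checked, "person": record["person"], **f},
                       sort_keys=True) for f in findings]

if __name__ == "__main__":
    print("\n".join(audit_lines(DEPARTED, post_exit_findings(DEPARTED, SIGNINS))))
```

In the sample data, the shared `svc-backup` login and the uncollected laptop both show up as critical findings, which is why Step 3 covers every shared credential and Step 2 covers every device.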
With these steps, you’re protecting your data, your customers and the business you’ve worked so hard to build. When it comes to tech security, don’t leave a single door open — take control and keep your business safe!
🥜 True story, there’s a school called the National University of Science and Technology. It’s not called the National University of Technology and Science — that would be NUTS.