That was a hard lesson learned by the management at Voova, a marketing and software company based in the U.K. Back in 2016, Voova terminated an IT staffer, and paid a big price.

The employee, 36-year-old Steffan Needham, was let go due to "poor performance" after only four weeks on the job. But the reasons why he was let go aren't important. The aftermath is. That's because the company left itself -- and its data -- exposed. Needham -- remember that he's an IT guy -- was still able to access the company's systems soon after being terminated, because he'd stolen a fellow employee's login credentials. The fellow employee was nicknamed "Speedy" Gonzalez. (I include that part only because it's kind of funny.)

But nothing else about this story is. After gaining entry to Voova's network, Needham wreaked havoc, "torching" the Amazon Web Services computers which hosted the company's main business applications and data.

According to a report in Naked Security, Needham "got busy" by fiddling with account settings and then deleting each of the company's AWS servers. As a result, the company lost "big contracts with transport companies" to the tune of £500,000 (about $700,000 at the time). Unfortunately, the company was unable to recover the deleted data.

Needham was ultimately tracked down and arrested, and he was found guilty of the crime this past month. He's now serving two years in jail. I'm sure the company would rather have the data (and its customers) back.

Could Voova have avoided this crisis? Yes, and the solution would have been simple: a 2FA (two-factor authentication) system. With this system in place, when Needham logged in, a text message would've been sent to Speedy's smartphone asking for permission to log in, and presumably Speedy would've alerted management to the intrusion. That didn't happen.

For business owners of all sizes, whether you keep your data in-house or use a third party to host it, the lesson is clear.

Have a plan for when employees leave, of course. But also make sure your systems are locked down with 2FA security now. Most application and hosting providers provide this option. To me, it's not an option. That's because doing so will not only protect your business if an employee leaves, but it will also provide a very necessary additional layer of security for everyone else.

Correction: An earlier version of this article misspelled Steffan Needham's last name.

Published on: Mar 28, 2019