I need some advice on how to handle a delicate situation with an employee. We have an IT technician who's been with us for over 20 years and has recently raised some concerns. After coming back from a long sick leave, he started going through CDs, claiming to verify their contents. However, one of them contained malware (mimikatz), which set off alarms and drew the attention of our security team. When I confronted him, he said he had no idea the malware was on the CD.
Now, his computer has flagged a honeytoken, and there are signs of basic malware, a keygen, and a suspicious filename change on his system. After a full virus scan, the only thing that showed up was a VBS script. I'm concerned he might have deleted the harmful files or set things up to look like a false positive. There's a possibility he's not keeping up with modern IT practices, and I wonder if he might have done something malicious.
I want to conduct a thorough review of his actions and need advice on how to approach this conversation. What questions should I ask him, and how can I ensure the discussion is productive?
5 Answers
If you’re worried he may have intentionally tampered with things, keep in mind that it's also possible his computer is just poorly maintained. I'd start off by getting a thorough cleaning of that machine. In your conversation, approach it calmly and focus on policy compliance. Make sure your expectations are clear!
Has anyone thought about the possibility of simply moving him to a different role if he’s a risk? You might manage access to sensitive systems while figuring out if the PC is still infected. Also, keeping an eye on his account could reveal any more suspicious activity.
Your situation sounds tricky! First off, check your company's run book for handling these kinds of instances. If your policies are clear about what to do when there's potential malware on a device, follow those guidelines. If there's no clear policy, you might actually need to reevaluate how your organization deals with security issues. Ultimately, remember that it's not just about this employee—it's about addressing the gaps in your policies too.
You might want to consider backing up the employee's PC for evidence and then thoroughly wiping it clean. In your meeting, you could discuss the importance of security and how to handle untrusted sources. If you suspect intent to harm, that’s a different can of worms, and HR should probably get involved. But honestly, it seems like he might just be out of the loop rather than malicious.
Honestly, I think you might be dealing with an employee who simply isn’t aware of the risks and has a lot of outdated knowledge. Instead of 'interrogating' him, maybe start by asking him to explain the entire situation, from his perspective. This can clarify if he was careless or if there's more to the story. Having another colleague as a witness during the conversation can also help keep things fair.