Fired KiranaPro Staff Deleted Entire Code & Data: A Lesson in Security and HR
KiranaPro, a startup that aims to revolutionize the way small and medium-sized businesses manage their operations, has recently faced a week of chaos after one of its former employees deleted all its code and data. The incident was confirmed by the company’s CEO, Deepak Ravindran, and CTO, Saurav Kumar, who attributed the breach to the employee’s access to the company’s credentials, which he still had due to the lack of a full-time HR team.
The incident highlights the importance of proper employee off-boarding and access control, especially for startups that may not have the resources to dedicate a full-time HR team. In this blog post, we will delve into the details of the incident and explore the lessons that can be learned from it.
According to Ravindran, the employee was fired from the company, but due to the lack of an HR team, the off-boarding process was not handled properly. As a result, the employee still had access to KiranaPro’s credentials, including GitHub, which he used to delete the company’s entire code and data.
The CTO, Saurav Kumar, shared a GitHub email that confirmed the employee’s credentials were used for the deletion. The email, which was sent to KiranaPro’s GitHub account, showed that the employee’s credentials were used to delete all the code and data from the company’s repository.
The incident has had a significant impact on the company, with salaries delayed and the team struggling to recover from the loss of data and code. Ravindran described the situation as “a reckoning” for the company, which has been forced to re-build its code and data from scratch.
The incident is a stark reminder of the importance of proper employee off-boarding and access control. When an employee leaves a company, it is crucial to ensure that their access to company resources is revoked immediately. This includes deleting their login credentials, removing their access to company systems and data, and ensuring that they cannot access company property or equipment.
In the case of KiranaPro, the lack of an HR team meant that the off-boarding process was not handled properly, allowing the former employee to retain access to the company’s credentials. This highlights the importance of having a dedicated HR team that can handle employee off-boarding and ensure that access is revoked properly.
Another lesson that can be learned from the incident is the importance of having a robust backup and recovery system in place. KiranaPro’s loss of code and data has forced the company to re-build from scratch, which is a time-consuming and costly process. Having a robust backup and recovery system would have allowed the company to recover its data and code quickly, minimizing the impact of the breach.
The incident is also a reminder of the importance of having a strong security posture. KiranaPro’s lack of security measures, such as two-factor authentication and access controls, allowed the former employee to delete the company’s code and data. This highlights the importance of having a strong security posture, including the implementation of security measures such as two-factor authentication, access controls, and regular security audits.
In conclusion, the incident at KiranaPro is a stark reminder of the importance of proper employee off-boarding and access control, as well as having a robust backup and recovery system and a strong security posture. The company’s lack of an HR team and security measures allowed the former employee to delete its code and data, highlighting the need for startups to prioritize these areas.
Source:
