Fired KiranaPro Staff Deleted Entire Code & Data: A Cautionary Tale of Unsecured Access
In a shocking turn of events, KiranaPro, a startup that offers a Kirana store management software, recently found itself in a state of chaos when an ex-employee with access to the company’s credentials deleted the entire code and data. The incident has raised concerns about the importance of proper employee off-boarding procedures, especially in startups that may not have a full-time HR team.
According to TechCrunch, KiranaPro’s CEO, Deepak Ravindran, revealed that the ex-employee was behind the deletion of the company’s code and data. Ravindran shared a GitHub email that confirmed the employee’s credentials were used for the deletion. The email was sent by GitHub, a web-based platform for version control and collaboration, which alerted KiranaPro to the suspicious activity.
The incident occurred due to a lack of proper employee off-boarding procedures. As KiranaPro’s CTO, Saurav Kumar, explained, “Employee off-boarding wasn’t being handled properly because there was no full-time HR.” This meant that the ex-employee still had access to KiranaPro’s credentials, allowing him to delete the entire code and data.
The consequences of this incident were far-reaching. KiranaPro’s code and data were wiped clean, leaving the company’s developers unable to access their work. Additionally, salaries were delayed, and the company’s founder, Ravindran, was left to reckon with the aftermath of the deletion.
This incident serves as a stark reminder of the importance of proper employee off-boarding procedures. When an employee leaves a company, it is crucial to ensure that they no longer have access to company credentials, data, and code. This can be achieved through a combination of technical and administrative measures, such as:
- Revoking access to company credentials: This includes revoking access to email accounts, GitHub accounts, and other platforms where company data is stored.
- Deleting company data: This includes deleting any company data that is stored on personal devices or cloud storage platforms.
- Retaining a record of company data: This includes maintaining a record of all company data, including code, documents, and other files, to prevent any data loss in the event of an employee departure.
- Implementing a secure off-boarding process: This includes implementing a secure process for off-boarding employees, including steps such as:
- Conducting a thorough review of the employee’s access and privileges
- Revoking access to company credentials and data
- Deleting company data from personal devices and cloud storage platforms
- Providing a record of company data to the employee
- Conducting a thorough audit of the employee’s activities during their tenure
In the case of KiranaPro, the lack of a full-time HR team meant that the company did not have the resources to implement a secure off-boarding process. This led to the ex-employee still having access to the company’s credentials, resulting in the deletion of the entire code and data.
The incident also highlights the importance of transparency and communication in the aftermath of an employee departure. KiranaPro’s CEO, Ravindran, was quick to communicate the incident to the public, revealing the details of the deletion and the measures the company is taking to prevent similar incidents in the future.
In conclusion, the deletion of KiranaPro’s code and data serves as a cautionary tale of the importance of proper employee off-boarding procedures. It is crucial for companies to implement secure processes for off-boarding employees, including revoking access to company credentials and data, deleting company data from personal devices and cloud storage platforms, and retaining a record of company data.
Sources:
