A former developer at Eaton Corp was recently convicted for embedding a "deadman’s switch" that sabotaged systems immediately after his termination. For SMB leaders, this case is a stark reminder that cyber defense isn't just about blocking external hackers; it is equally about robust, immediate, and automated offboarding of internal access.

• The Inside Threat is Often the Greatest Risk: Unlike an external breach, a disgruntled employee already has the keys to the kingdom. In this case, the developer spent months writing malicious code—specifically named "Is Davis Lu Enabled in Active Directory"—to delete files and lock users out if his status ever flipped to "no."

• Automation is Your Shield: Manual offboarding processes are prone to human error and delays. If your systems are integrated and automated, you reduce the window of opportunity for "parting gifts." However, as this case shows, you must also monitor for unauthorized changes to system logic before the departure happens.

• Auditability Discourages Sabotage: The developer was caught quickly because his tracks were all over the server logs and his company laptop history. Maintaining strict audit logs doesn't just help in the forensic cleanup; it acts as a legal deterrent.

Davis Lu faced conviction after his code caused hundreds of thousands of dollars in damages (though his defense disputes the amount). He now faces up to 10 years in prison. His plan was discovered because he used his work laptop to research the sabotage and left obvious identifiers in the code. For an SMB, a similar incident could be catastrophic. You can read the full breakdown of the case here.