When Mr. Justen contacted authorities about the attacks and explained what he thought was happening, he said he learned something else about his former chief technology officer: there was little, if any, official proof that he existed. Mr. Justen said he knew that the officer was unusual, that he had been arrested on an outstanding warrant after being pulled over on suspicion of driving with a fake license plate. But Mr. Justen said he did not realize that the chief technology officer had no official identity: no driver’s license, no credit cards, no tax returns. The chief technology officer apparently had been living off the grid, which made tracking him down almost impossible even with the help of the authorities.
Mr. Justen said he concluded that the chief technology officer had built multiple “backdoor” entrances into the MyBizHomepage software and had compromised the company’s backup data. It became clear that the site would need to be shut down indefinitely, essentially putting the company out of business.
THE OPTIONS Given the security breaches and the destruction of the backup copies of the code, Mr. Justen said he knew that he would have to start from scratch if he wanted the company to continue. But he was reluctant to go back to his original investors for more money, and he knew he would have a hard time raising capital after the 2008 credit crisis. He considered having the company declare bankruptcy, but he knew that meant his investors would lose everything.
He also struggled with how public to make what had happened, particularly given that his customers had trusted him with delicate information. They might not be eager to re-enlist, knowing the service had been hacked by an insider. While he had been working with authorities to track down his former chief technology officer, Mr. Justen also considered his legal options if the officer were located.
Finally, Mr. Justen, who had a family to support, considered simply shutting the doors to the business and walking away for good.
WHAT OTHERS SAY Norm Brodsky, a serial entrepreneur (Read More: How the Toilet Paper Entrepreneur Branded Himself Too Well.)
and columnist for Inc. magazine in New York City: “Mr. Justen should focus on restructuring or starting a new company using his intellectual property. Bankruptcy won’t help. His only asset is his software, which they will just auction off and sell to the highest bidder. He should also be honest about how he played a role in what went wrong. Why didn’t he run a background check on his C.T.O.? And why did he fire him without first putting a plan in place to protect the software? He can’t afford to make those mistakes again. I always say you should trust everyone but also keep your eyes open.”
Mark Davis, senior director at the White House Writers Group, a consulting company in Washington, and the co-author of “Digital Assassination,” a book on cyberterrorism: “Mr. Justen has no choice but to go public with an apology and an explanation. He should put up a YouTube video explaining what happened and what action steps they are taking to rectify the situation.”
Joy R. Butler, a business and entertainment lawyer in Washington who wrote “The Cyber Citizen’s Guide Through the Legal Jungle”: “Mr. Justen and his company have limited legal options going forward unless they can locate the C.T.O. The company might then seek redress by suing for breach of any noncompete or confidentiality provisions that may have been in the former C.T.O.’s employment agreement.”
John Mutch, chief executive of BeyondTrust, a global provider of security software: “Unfortunately for Mr. Justen, he probably needed to lock the system down before firing his C.T.O. If he decides to go forward, he should consider building role-based security around his company’s critical assets that limits who can access what.”
THE RESULTS Offer your thoughts on Mr. Justen’s decision on the You’re the Boss blog at nytimes.com/boss. Next week, on the blog and in this space, we will explain how the company is doing.