Friday, March 11, 2011

Employee incompetence is a hacker's best friend

Tech stories of data vulnerabilities caused by the incompetence and
oversights of executives, IT managers, or admins

Security breaches -- they're an IT issue that's difficult to prevent
completely, but even harder when the threats develop from the inside,
whether it's hardware stolen by dishonest employees or data loss
caused by oversight within the ranks.

How does a techie deal with security issues effectively when
executives, IT managers, or fellow admins don't take the necessary
precautions? Bureaucracy and incompetence make for tricky situations.

Here are a handful of stories from the Off the Record archives,
written by tech pros about their memorable experiences dealing
with security vulnerabilities that could have been prevented. Security
technology and procedures may change, but handling users' security
misunderstandings or oversights does not.

"Steal my data, please." A university's server gets hacked, all
because the boss was too scared to install a firewall.

"An IT contractor discovers too much company information." Just days
into a short-term contracting job, a techie unearths a surprising
security risk -- and exposes the network admin's misplaced priorities.

Take an open network, add file sharing, and you have a security hole
big enough for a battleship -- and a reminder of why it's important to
let technical people set technical policies.

"My unnatural disaster." Who needs malicious hackers when you have
admins like this?

"Danger inside the firewall." That nice, new wireless router the
auditors brought in might as well have been a ticking bomb.

"Why trouble employees with passwords?" Job title: Manager of network
security. Instructions: Could not require anyone to have passwords,
because it was asking too much to make people remember them. What
could go wrong?
