User tricks, security 'treats'
Because sometimes dealing with folks at the office is a dark art
Computerworld - Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you're going to scare them into security compliance, you may need to get a little bit spooky yourself. Have a few treats up your sleeve to return for these goblins' sinister tricks.
The Privileged Executive
The privileged executive feels responsible for every aspect of the organization, and compelled to control it. She wants to know everything about every department and project; demands root access to systems and applications, and sufficient rights to act on others’ behalf -- including sending e-mail using other employees’ accounts. Naturally, she objects to the logging of her own activities while demanding stringent audit of everyone else.
Forward articles on prosecution of executives for insider trading, misusing data, and Sarbanes-Oxley Act violations, particularly ones that detail how malfeasance got pinned on the corner office because of too much access. Follow up a few days after each prying event by hinting to IT that it ought to look into apparent audit discrepancies, and suggesting to internal auditors they ought to look into IT control logs. Send monthly updates about how you’re working hard to make sure the execs aren’t exposed to excess risk; make plausible deniability your mantra.
When the king of the roost doesn’t have enough operational responsibility, his functional understanding of technology accompanied by an assumption of anonymity can develop into a penchant for mischief, porn and control issues that fall just short of true megalomania. Sooner or later, the idle owner eventually does something really stupid -- storing very personal videos on company servers, downloading bootlegs of competitor’s products, sending threatening e-mails to his ex, or downloading media you’d rather forward to law enforcement.
Strike up a conversation about how it’s great that your ISP logs all network traffic to adjust the quality of service, and alert you to employee misbehavior. Marvel over how the ISP itself is notified by the FBI’s mysterious Carnivore system, and how it seems to be effective at tracking nefarious e-mail and downloads to specific computers even through networks using NAT. Discreetly throttle network bandwidth to accounting or production when he’s on a downloading jag, and suggest that your audit team might have to look into it. If the activities might reflect back on you, quietly move his office to a separate DSL line for his pernicious personal proclivities.
An Angry God
Your systems administrator was running your network before dirt was invented. He’s always had root or administrator accounts for his daily work, and he’s not going to start using sudo now. In fact, he’s insulted that you suggested it, and is withholding access rights from the only other senior administrator. One of the R&D departments claims that a bunch of its data is now inaccessible, and now your guy is asking for a raise.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts