User tricks, security 'treats'
Because sometimes dealing with folks at the office is a dark art
Computerworld - Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you're going to scare them into security compliance, you may need to get a little bit spooky yourself. Have a few treats up your sleeve to return for these goblins' sinister tricks.
The Privileged Executive
The privileged executive feels responsible for every aspect of the organization, and compelled to control it. She wants to know everything about every department and project, and she demands root access to systems and applications, plus sufficient rights to act on others’ behalf -- including sending e-mail using other employees’ accounts. Naturally, she objects to the logging of her own activities while demanding stringent audit of everyone else.
Forward articles on prosecution of executives for insider trading, misusing data, and Sarbanes-Oxley Act violations, particularly ones that detail how malfeasance got pinned on the corner office because of too much access. Follow up a few days after each prying event by hinting to IT that it ought to look into apparent audit discrepancies, and suggesting to internal auditors they ought to look into IT control logs. Send monthly updates about how you’re working hard to make sure the execs aren’t exposed to excess risk; make plausible deniability your mantra.
When the king of the roost doesn’t have enough operational responsibility, his functional understanding of technology accompanied by an assumption of anonymity can develop into a penchant for mischief, porn and control issues that fall just short of true megalomania. Sooner or later, the idle owner does something really stupid -- storing very personal videos on company servers, downloading bootlegs of competitors’ products, sending threatening e-mails to his ex, or downloading media you’d rather forward to law enforcement.
Strike up a conversation about how it’s great that your ISP logs all network traffic to adjust the quality of service, and alert you to employee misbehavior. Marvel over how the ISP itself is notified by the FBI’s mysterious Carnivore system, and how it seems to be effective at tracking nefarious e-mail and downloads to specific computers even through networks using NAT. Discreetly throttle network bandwidth to accounting or production when he’s on a downloading jag, and suggest that your audit team might have to look into it. If the activities might reflect back on you, quietly move his office to a separate DSL line for his pernicious personal proclivities.
An Angry God
Your systems administrator was running your network before dirt was invented. He’s always had root or administrator accounts for his daily work, and he’s not going to start using sudo now. In fact, he’s insulted that you suggested it, and is withholding access rights from the only other senior administrator. One of the R&D departments claims that a bunch of its data is now inaccessible, and now your guy is asking for a raise.