Skip the navigation

User tricks, security 'treats'

Because sometimes dealing with folks at the office is a dark art

By Jon Espenschied
October 28, 2006 12:00 PM ET

Computerworld - Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you're going to scare them into security compliance, you may need to get a little bit spooky yourself. Have a few treats up your sleeve to return for these goblins' sinister tricks.

The Privileged Executive
Her trick
The privileged executive feels responsible for every aspect of the organization, and compelled to control it. She wants to know everything about every department and project; demands root access to systems and applications, and sufficient rights to act on others’ behalf -- including sending e-mail using other employees’ accounts. Naturally, she objects to the logging of her own activities while demanding stringent audit of everyone else.

Your treat
Forward articles on prosecution of executives for insider trading, misusing data, and Sarbanes-Oxley Act violations, particularly ones that detail how malfeasance got pinned on the corner office because of too much access. Follow up a few days after each prying event by hinting to IT that it ought to look into apparent audit discrepancies, and suggesting to internal auditors they ought to look into IT control logs. Send monthly updates about how you’re working hard to make sure the execs aren’t exposed to excess risk; make plausible deniability your mantra.

Idle Owner
His trick
When the king of the roost doesn’t have enough operational responsibility, his functional understanding of technology accompanied by an assumption of anonymity can develop into a penchant for mischief, porn and control issues that fall just short of true megalomania. Sooner or later, the idle owner eventually does something really stupid --  storing very personal videos on company servers, downloading bootlegs of competitor’s products, sending threatening e-mails to his ex, or downloading media you’d rather forward to law enforcement.

Your treat
Strike up a conversation about how it’s great that your ISP logs all network traffic to adjust the quality of service, and alert you to employee misbehavior.  Marvel over how the ISP itself is notified by the FBI’s mysterious Carnivore system, and how it seems to be effective at tracking nefarious e-mail and downloads to specific computers even through networks using NAT. Discreetly throttle network bandwidth to accounting or production when he’s on a downloading jag, and suggest that your audit team might have to look into it. If the activities might reflect back on you, quietly move his office to a separate DSL line for his pernicious personal proclivities.

An Angry God
His trick
Your systems administrator was running your network before dirt was invented. He’s always had root or administrator accounts for his daily work, and he’s not going to start using sudo now. In fact, he’s insulted that you suggested it, and is withholding access rights from the only other senior administrator.  One of the R&D departments claims that a bunch of its data is now inaccessible, and now your guy is asking for a raise.

Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!