Todd Kwon-Do

Friday, July 18, 2008

Is your caps lock on?

If you've been reading the news over the past few days, then you know that network administrators in San Francisco had an interesting experience when they were unable to log on to the city's FiberWAN network, which stores about 60% of all of their data. The inaccessible data includes payroll records, emails, law enforcement records, and a variety of other information.

Ultimately, it was discovered that one of their chief IT administrators (Terry Childs) had restricted all access to the network and put in place a password that he has refused to give to the authorities. Additionally, he set up tracking software designed to "spy" on his boss following a bad review. So, at least for the time being, it looks like the city will have to break out the old paper and pencil and find a new way to do business.

As you might imagine, that is easier said than done. All of us have had a computer crash, or have been unable to send an email or access a key piece of software at some time or another. When it happens it can be really hard to be productive, and extended outages or data loss can even threaten the survival of most companies.

There is a wide array of viruses, spyware, and glitchy software patches that our networks have to survive every day. So, with all of that conspiring to keep us from working, why would anyone expose themselves to the damage that a disgruntled employee can do? The answer is that they don't think they have exposed themselves.

The majority of the time, acts of technology vandalism are committed by someone that the company or business owner trusted. In 10 years of consulting, I have heard countless business owners tell me that they don’t need to worry about it. I hear things like, “We are a small company, and everyone here is a good guy” or “I trust everyone here, it’s not a problem.” We would all like to believe that, but I have had firsthand experience with businesses that discovered that hell hath no fury like an employee scorned.

So, how can you protect yourself? It’s easier than you think. Take the time to get to know everyone who has administrative access to your network and ensure that you are on that list. Ask your IT administrator to provide you with a list of usernames that have admin access to your system and inform them that every once in a while you are going to log in using those names and you expect them to be working. Then… DO THAT!

Keep your account list in the network current. By that I mean that you need to ensure that as employees leave, their accounts are disabled and later deleted. The fewer active accounts you have, the less opportunity there is to compromise them.

You should be leery of any IT consulting company or IT manager that doesn’t volunteer password information to you, or that doesn’t extensively log the setup of your network and offer that information to you. A good IT person doesn’t need to ensure job security by keeping you in the dark.

Finally, I suggest an age-old tradition… AUDIT AUDIT AUDIT! For reasons passing my understanding, very few companies have a third-party audit of their IT department. The accounting department gets audited, but not the department that is responsible for all of the business's data and operational needs? Yeah… that doesn’t make any sense to me either. A good IT manager or consulting company will have no problem with an audit.

Could San Francisco have prevented their current problem? I don’t know for sure, but I suspect that with minimal effort on the part of the non-IT management team, this could have been avoided. Nothing is 100% effective, but even the smallest effort is more effective than doing nothing. Now it is up to the FBI and anyone else who is willing to help to get the city up and computing again.

More detail on this incident can be found on InformationWeek's website. However, unconfirmed reports say that after several days' effort, Tony Shalhoub was unable to solve the case and reminded reporters that he only plays a detective on TV and that "Monk" is, in fact, a fictional character.
