We’ve all heard the EIBKAC stories, such as using the CD-ROM drive as a coffee mug holder or erasing the C:\Windows folder to free up space on your hard drive. InfoWorld has an informative article that turns these stories on their head and tells stories about stupid IT administrator actions instead.
The thing that struck me is that out of the six items they highlighted, four of them were directly security (or insecurity) related, and a fifth was related to disaster recovery, which is also a security concern.
- Preconfiguring PCs with stone-age malware
  - Sending computers out from the factory with a virus circa 1994 that the built-in antivirus couldn’t repair
- Oh, you wanted to recover those backups?
  - An entire issue of BusinessWeek was lost when a hard drive crashed
- Soup of the day: Social Security numbers
  - A school’s database of folks to send the weekly cafeteria menu to was completely unprotected and contained SSNs
- The tool and the toolbar
  - The Alexa toolbar was used to crawl and cache sensitive parts of a company website
- Paging Dr. Data Breach, please come to the IT morgue
  - Company took down firewalls to ease (sensitive) data migration, and then inexplicably never turned them back on
Next time you blame users for lax security, remember that the IT staff can be brain-dead as well.