- The Washington Times - Wednesday, November 23, 2005

In the press one reads of this or that virus that has cost the world’s businesses billions or of evil hackers who have broken into computer networks and wreaked havoc. It happens. A friend of mine handles network security for medium-sized businesses. He tells a different story. A major but often unnoticed expense arises, he says, in protecting companies from their own employees.

“For me, the biggest headache is employees, usually of middling rank, who think they ought to have administrator privileges.” This is computer talk for having a password that gives them complete control over the machine, and therefore the power to do dangerous things.

“The worst problems are people who think they know more than they do. They want to download all kinds of software, like four different programs for listening to music. Or — this is common — they go to porn sites and then say they didn’t. Well, I can see that they did. I promise they’ll have spyware in five minutes if they do that.”

A problem is that many free programs are badly written, he says, and cause difficulties that are hard to pin down. Then he has to spend many hours finding out why Joe’s computer stopped working. Since he is paid by the hour, the company ends up spending many hundreds of dollars, absolutely unnecessarily, because Joe wanted another music program.

“If I can possibly get the CEO to back me, I just don’t let anyone have the passwords. Then they scream because they have to get an IT tech to download things like printer drivers. Well, that’s cheaper than paying me.”



He says that over and over people somehow get the administrative password and start installing things. Then, he says, they lie about it.

“I can’t think of another word for telling me they didn’t do something that is perfectly plain in the logs. I get this ‘Huh? Who, me?’ attitude and it’s bogus. Lots of them get real resentful when I won’t give them passwords. You can tell them why, but they think they are special. Hackers don’t give me much trouble. It’s the employees.

“Even the CEOs don’t always realize how much it runs up their expenses when I can’t trust their workers. It usually isn’t that anyone is deliberately sabotaging the company. But when I know that employees may have been fooling around with things they shouldn’t have access to, it makes me spend a lot more time trying to figure out what has happened. When I find 10 unauthorized log-ins with administrator privilege, and I have to figure out what is going on, I can’t assume that they came from outside. I have to start from zero and check every employee.”

Viruses usually come as “executable attachments” to e-mail. Everyone knows this, he says, but “it’s almost a compulsion. Sooner or later somebody will click on the thing. Telling them not to just doesn’t work.” His answer is to have executables automatically deleted before anyone even sees them.

“Then they get infuriated because they can’t play some cute game somebody sent them. Sometimes the CEO doesn’t understand why it’s important to block active content. Then when the system goes down, he loses confidence in me. After all, wasn’t I supposed to stop these things from happening? Yes, I was. But I can’t if they don’t take security seriously. What they do is like leaving your house with the doors wide open when you go on vacation, and then wondering why you got robbed.”

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide