Who do you call when your email isn't reaching your inbox? Who do you ask when you need to provision a new employee's desktop or reset a password? And who gets the nod when you need to roll out a new OS or set up an enterprise SharePoint environment? Your local IT pro hero, of course. But, as a telecommunications department for the city of San Francisco recently learned, in some cases, it's the IT pro that you need to be rescued from.
A news story last week "IT Admin Locks up San Francisco's Network," http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110176 tells about a network administrator for the city of San Francisco, who has locked up a computer system that handles sensitive information for the city. Details of the incident are sparse, but apparently the culprit reset system passwords and is refusing to disclose them to officials. The network is still functioning, but network administrators can't access the system to make configuration changes. There are also reports that he may have opened up the network to third parties who could then access sensitive records or continue doing damage, even while the man remains in custody. The man will likely end up paying a pretty severe penalty, but so will the city, which could end up with hundreds of thousands of dollars worth of repair costs. That's a hard lesson to learn, but couldn't the company have prevented this breach? Where did the breakdown occur that allowed one employee to gain such exclusive access to a city's critical computer systems?
Of course, this type of incident is rare and gives IT pros in general a bum rap. But it certainly makes you think of the potential havoc an IT pro could create for the organization he or she was hired to support. Are we at the mercy of our IT departments? Organizations place a great deal of trust in their IT pros, but as this story points out, once in a while it can come back and bite them. It's not an area in which companies can afford to become complacent. If you leave a door ajar, the bad guys will come.
I'd love to hear what our IT pro readers think of this story. Have you heard of similar incidents? Would someone be able to wreak similar havoc on your company systems or does you company have enough security checks and balances to prevent it? Add your thoughts to the Comments section below.