This is one of the scenarios I have to worry about. My IT department isn’t in charge of a city, but we still worry. Most security breaches happen from the inside.
The purported takeover of the San Francisco government’s new fiber optic network by an employee who locked out all the other administrators sounds extreme, but disgruntled or fired employees have always used computers to get a dose of revenge.
The city is still scrambling to regain control of the municipal network that handles everything from the mayor’s e-mail to San Francisco’s electronic court records, according to Ron Vinson, the deputy director of San Francisco’s telecommunications and information services department.
Terry Childs, a city tech employee, allegedly modified the system so that only he had top level permissions. Childs was arrested Sunday and is being held on $5 million bail, after allegedly refusing to hand over the passwords.
If an employee is willing to go to jail over an issue, there is very little you can do to stop it from happening, except to not hire someone who will become disgruntled in the first place. That’s why so many company run psych profiles and background checks these days. Because of pinheads who think revenge is a good idea. The Wired article has a bullet point list of some of these evil IT folks, but I’m sure a few who were never caught failed to make the list.
If you are an IT employee reading this blog entry my suggestion to you is simple – you work in one of the most robust jobs of this century. Instead of focusing on how you can hurt the company you just left, focus on how you can help the next company you’ll work for – it will allow you to retire comfortably.