| Recent Articles |
The Un-Server: Using A MacBook
I started following through with some of my 2008 resolutions. First thing was to finally take the time to program our thermostat. I set it to 59 degrees at 10:00 PM, then to turn up to 64 at 7:00 AM, down to...
2007's Biggest Problem - The Trusted Insider
This has not been a banner year for insider hacks, and insider data loss across the board. In many ways we can most likely call this the year of the insider. Either through actual hacking, or through actual not...
Security Around Social Initiatives
Read Write Web has a great digest of the entire last round of social applications, from open social to Facebook, android, Bebo and box.net. Understanding these applications from a security viewpoint is...
Red Hat, Where's The Love For Hyperic?
Matt Aslett at The 451 Group reports: "Red Hat and GroundWork Open Source announced an interesting expansion of their partnership today that sees...
HTTP Conditional Gets In ColdFusion
I've been working on performance updates to ColdFusionBloggers over the past week or so - and the primary area I'm working on is the aggregator. One item that has been recommended to me by multiple...
| | 01.25.08
A Recent Security Horror Story
 By Dan Morrill
This will teach folks to put out help wanted ads, seems a receptionist in Florida read a help wanted ad that her employer put on, and thought that she was going to be replaced. Rather than asking, and thinking that her job was threatened, she decided to delete files, to the tune of 2.5 million dollars.
A Florida woman who believed she was about to get fired has been accused of deleting $2.5m worth of computer files to seek revenge on her employer. Jacksonville Sheriff's officials say Marie Lupe Cooley, 41, used her own account credentials to access the server of Steven E. Hutchins Architects and delete seven years' worth of drawings. The firm's alarm company said someone entered the premises at 11 p.m. on Sunday and was there for about four hours. Source: Register
Security engineers are always going to tell you to have minimum permission sets, good backups, and be prepared for the worst. This is standard operating procedure, but when it comes to a small company, these kinds of procedures are often not followed.
This is not the first horror story along these lines, but small business makes up a disproportionate number of employers, and should be paying the same kind of attention to detail that big businesses do.
As talk of recession, stock market variations, and the general unease that has permeated the workforce over the last two or
three months increases through 2008, you have got to pay attention to what employees are doing, across all companies no matter the size.
Fortunately the company was able to recover the files, the problem is she got a 1000 dollar bail, and is on the streets. Did they kill off her remote access?
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community. |
0 comments:
Post a Comment