Stupid user tricks 4: IT horror never ends

Nine more real-world disasters courtesy of your network's weakest link

Nothing can screw up a well-managed network faster than the people for whom you built it. Whether it's user error, optimistic expectations, or simply that bastard Murphy, IT's job is rarely predictable.

Lucky for you, there are lessons to be learned from others' misfortunes. So rather than wait to make your own forehead-shaped dent in the office wall, familiarize yourself with the screwups detailed below. It will make you that much more prepared to safeguard your IT environment from the ever-evolving boneheaded tendencies of those you serve.

[ Users are by no means alone when it comes to hard-headedness in the IT world. See "Stupid user tricks 3: IT admin follies" and "True IT confessions" for real-world tales of folks who should know better fouling up. ]

Stupid user trick No. 1: Home is where the malware is

It happens at least once a year, and this year it happened twice, writes one IT admin: "And though we make the point with memos and lectures, there always seems to be someone who gives their work PC to the kids at night."

OTR-edit-promo.jpg

The situation is familiar: To save on expenses, folks buy fewer home PCs, but their kids want to use them more than ever. Enter the corporate laptop into the home Web surfing environment -- a recipe for disaster for IT.

And it's not just kids playing games and doing homework. It's spouses using social networking -- and that uncle nobody talks about surfing porn on your corporate machines.

"Our security tends to be better than the average home box, but that won't protect you forever if you actually run out and look for attack sites," our admin warns. Sooner or later, one of your user's laptops will get compromised, leaving your network exposed to infection the next time he or she logs on at the office.

"We've gotten better at catching these compromised machines early, so instead of it being the big problem it used to be, last year it mainly just confirmed our investment in end-client security," the admin says.

The worst offender? A procurement manager who was found to have a keyboard logger installed on his company-issued laptop. "And this was a guy who spent several $100K a year online for the company," the admin informs us.

Solution: End-point security goes a long way toward preventing infected machines from gaining access to the corporate net, but they'll never be 100 percent effective. Web browsers are the gateway to hell when it comes to attack entry points. Let your users surf helter skelter and your attack potential goes way up. The only preventative measure: a strong fair-use policy and a management staff that'll enforce it.

Moral: Users will continue to break your official-use policy as long as money is tight and they believe the consequences are minor. Include disciplinary action in your policy, and make sure users know you're tracking Web site visits and system access. Otherwise, you are simply setting yourself up for disaster. Another solution: Sponsor employee discounts on netbooks. That way, your users will be less tempted to transform company property into their home PCs.

1 2 3 4 5 6 7 8 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies