Stupid user tricks 6: IT idiocy loves company
IT fight club, dirty dev data, meatball sandwiches -- nine more tales of brain fail beyond belief
Follow @infoworldYou'd think we'd run out of them, but technology simply hasn't advanced enough to take boneheaded users out of the daily equation that is the IT admin's life.
Whether it's clueless users, evil admins, or just completely bad luck, Mr. Murphy has the IT department pinned in his sights -- and there's no escaping the heartache, headaches, hassles, and hilarity of cluelessness run amok.
[ For more real-world tales of brain fail, see "Stupid user tricks 5: IT's weakest link." | Find out which of our eight classic IT personality types best suit your temperament by taking the InfoWorld IT personality type quiz. | Get a $50 American Express gift cheque if we publish your tech tale from the trenches. Send it to offtherecord@infoworld.com. ]
Below, we've compiled nine more shining examples of user stupidity for your amusement, and education.
Stupid user trick No. 1: The itchy clicking finger of fate
Sometimes you have to don Nigerian princely robes to know just how likely your network is to get hosed, learned one IT admin at a midsize financial company in the Midwest.
"We've spent well into six figures on perimeter security, antivirus, and antimalware software to keep customer data and get through audits. But even so, in the last year and a half we've had no fewer than six breaches with data being stolen or compromised," says the admin.
"Then over drinks one day, a buddy who is a security consultant casually mentioned that human compromises were just as common as technology vulnerabilities."
Keen to quantify this collective brain fail, the admin's team set up a test.
"We took the roster of employees of our two largest offices and checked their corporate email addresses to see which were accessible off the Web. Out of 178 employees, 138 corporate email addresses were easily discovered -- like two or three clicks off Google. That alone surprised me."
The team then set up a phishing email and sent it to all 138 employees.
"Now I know why those Nigerian princes keep bothering people," the admin says. "Our current malware technology caught only 58 percent of our home-brew phishing mails. On top of that, because we didn't use the usual Nigerian-prince or $1-million-estate-up-for-grabs schemes, we managed to get 64 out of 138 to click on our 'malware' link."
Needless to say, the results raised eyebrows in the corner office.
"For the past six months, we've rebuilt and toughened up our antimalware perimeter, but much more importantly we've given several seminars on Internet and corporate security, and we got our COO to make attending at least one of those seminars mandatory for every employee."
