Moral: Educate your users about social engineering, because rich Nigerian royalty, or corporate data raiders, can get you no matter what kind of antimalware you have.
Stupid user trick No. 2: The dirty back end
Circumventing IT for remote access can put you in a compromising position, as one IT manager at a software company in Florida tells it, especially if your company employs developers with dirty minds -- and who does that?
"A couple of years ago, our GM of sales had to demo our product to a potentially large customer. It was a rush meeting, so he had the head software architect on his team set up a remote connection to the dev servers back at headquarters," the IT manager says.
"The sales GM didn't tell the architect what he needed those connections for, and the other guy didn't think to ask. Neither thought to ask us," the IT manager adds. "Had they done so, we'd have stopped it."
Fast-forward to the middle of the GM's sales demo.
"The GM tags back to the dev environment to access a back-end database the app was using. But the database was full of junk data, like dev databases usually are. Junk data with first some weird names and then some downright nasty names -- like XXX nasty. All that flashed up on the screen when the GM ran his query."
Needless to say, they didn't get the sale.
Moral: Don't set up a remote demo without talking to everyone concerned. And maybe talk to your developers about not getting their dev data from Hustler.
Stupid user trick No. 3: Welcome to the thunderdome
It pays to be civil to your coworkers, says one IT admin who witnessed firsthand the special kind of evil a workplace feud can wreak on your IT systems.
"We had an exec who was, simply put, a dyed-in-the-wool jerk. No question, just a jerk. He gave everyone a hard time no matter whether they were on his team or whether the quality of their work was good or bad. He just enjoyed being a jerk," the admin says.
Until he decided to give IT a hard time.
"This one time he went out of his way to blame the low productivity of two teams, including his own, on technology problems. The senior IT manager was new to the role, just got promoted into it, and was completely unprepared for this in a senior staff meeting with the CEO. So he was majorly embarrassed and almost got fired only three weeks after taking the new gig. He did get put on probation and already had a ding on his review," the admin says.
Then the new senior IT guy decided to get even.
"None of us can prove it, but from what we were able to figure out, he hacked into the jerk exec's desktop, notebook, and we think even his phone. Dropped all kinds of nasty scripts on there, including one that kept the machine asking for new NAT leases, somehow kept Windows asking for updates no matter how often the guy installed them, added some kind of white list that kept the guy off of all the sites that he needed to see and only let him onto weirdo porn or pirate sites, deleted the contact list off the phone whenever the guy hooked it up to his PC, and autotrashed a random percent of any new files that were saved each day. It was ugly," the admin says. "The guy couldn't even log on at Starbucks."
Herein lies the second source of idiocy in this sordid little fight-club tale: the senior IT manager with an ax to grind.
"The executive lost two trip itineraries and even lost a sales presentation right before he had to give it. I think that last one is where the evil IT guy figured he'd done enough -- that cost us a sale."