Fatal IT mistake No. 2: Snooping on the boss
A few months ago, Oli Thordarson got a call from the CFO of a midsize health care provider in Southern California. As CEO of Alvaka, an advanced network management services company, Thordarson and his staff are often asked to act as a virtual CIO for small businesses and to perform forensic investigations.
The CFO told Thordarson he thought someone was secretly reading his email, and he had a pretty good idea who it was: the director of IT.
The CFO said that, over the past two years, this guy had made comments about things he had no business knowing, says Thordarson. "The running joke was that the director of IT knew more about what was going on inside the company than anybody else," he says.
Thordarson had one of his techs modify a real-time network probe so that it would send a silent alert if anyone was reading emails they shouldn't be accessing. Within a few days, Alvaka discovered that the director of IT was indeed reading the CFO's email -- as well as messages from the CEO, the chairman, and other top brass. The next day he was reading the want ads at Monster.com.
This problem is more common than you might think, Thordarson adds. In roughly two-thirds of the companies Alvaka advises, techs have the ability to read any employee's email, including that of top executives.
"Did they do it to enable support and then forget to undo it, or did they do it because they wanted to snoop?" asks Thordarson. "We don't really know."
Moral of the story: A fool and his job are soon parted.
Fatal IT mistake No. 3: Covering up the crime
It was a mistake that could have happened to anyone. The IT staff at a major financial institution needed to replace a disk tray for an older storage array. A staffer called the vendor and had one shipped out. But the junior sales guy at the vendor made a mistake and shipped the wrong tray -- one for a newer array that was incompatible with the old one.
The array then failed catastrophically, taking the entire bank's system offline for nearly a week and costing millions of dollars in lost transactions. That's when they called in Anthony R. Howard to troubleshoot.
There were three big screwups, says Howard, a best-selling author ("The Invisible Enemy: Black Fox") and independent technology consultant for Fortune 50 companies and the U.S. military. One, of course, was that the vendor shipped the wrong unit. The second was that the bank's IT staff tried to install the array itself without waiting for the vendor to send out a qualified technician to do it for them.
The third problem was the big one, though. Almost everyone involved in this screwup lied about it, says Howard. Only one staffer had the courage to admit what really happened.
"When the IT staff saw their jobs were in danger, they began to try to protect themselves and blaming the tech support staff of the vendor," says Howard. "After the bank's internal team was done with its investigation and found out that only one person told the truth, he was the only one who managed to keep his job."
Moral of the story: If the crime doesn't get you, the cover-up will.