Hi, I’m Bruce Naylor, and welcome to this week's edition of the FrugalTech Show. I'm your host, Bruce Naylor, where we’re talking small business technology, how to make money with technology, save money in technology, ways to grow your business, and protect your business using technology.
And every week our show has a theme, and this week we're talking about small business IT security. I mean, the security business is one of the things that I do here. And I've come across what I think are some interesting articles that I’d like to kind of share with you folks today. The first one is an article from Technocracy; it's written by Phil Elmore. And I think it's a very, very, very good article, especially for small business owners and the small business IT professional to just kind of keep this in mind.
It was basically a story about a fellow by the name of Steven Barnes, and the reason why he went to jail. Now Steven Barnes is a former IT manager for a California Internet media company. Now he was just sentenced to a year and a day and three years' probation, not to mention about $50,000.00 in restitution, because he broke into his former employer's network and created some real havoc for these people.
Now the name of the article is "The Most Insidious IT Security Risk." And you know, this is something so amazingly simple, but yet it happens all the time, so it bears bringing this up. What Barnes did is he really threw his career away, and prospects probably for future employment, at least in the IT business, because when the company fired him he went home and he tried his old user login and, lo and behold, it worked. And when he did that, he reset their Exchange server to become what's called an open relay, and what that does is let third parties out there relay their spam messages through his former employer's email server. And boy, what a big mess that made out of everything for the employer.
Now Barnes is blaming everybody else but himself. He's blaming his prior employer, for example, because they should have had some kind of firewall, but he got in through the normal way. A firewall wouldn't prevent that from happening. He claimed he was suffering from various substance abuse problems and all that.
But here’s kind of the crux of the story. Basic IT security policy concerning former employees should dictate that Steven Barnes, who was let go for costs, should not be allowed access to the network from the moment he was told he was fired. From that very moment he should have had his user account disabled, and a password changed, all that sort of thing.
Many times in the IT world, when you work for a company, a small company, the minute you announce that you’re going to leave, a lot of times you’re just very politely told, “You know, thank you for the two-week notice, but you know, because of company policy, we’re going to go ahead and cut your check, get out of there, and we’re going to cut off your access to the network because really that boy becomes a security risk to the company.”
Anyhow, the article goes on to say the real problem is not the technology that the employer used. It wasn't that at all. It wasn't the fact they had state-of-the-art security. They have firewalls and all this kind of stuff. The real culprit was the company simply trusted him too much. Now that's the real story there, is that they trusted him. There is no fancy, there’s no global solution that’s going to make technology safer, more secure for the average network, if it’s real or not, because they simply cannot eliminate one thing, and that’s the human equation, that human element in the IT infrastructure.
So when you’re dealing with people, basically technology is not always going to be the answer. So the watchwords, it used to be "trust but verify," but now it’s really, you know, "trust no one and remain vigilant." Human nature is an IT security exploit and it can never be otherwise, and I think that is some pretty sound advice.
Transcription by:
Scribe4you Transcription Services