Are 88% Of IT Admins Really On The Verge Of Stealing Sensitive Company Info?
from the unlikely dept
You can't trust your IT admin -- or at least that's the story being pushed by a security firm that released the eye-catching study results saying that 88% of IT admins surveyed would take "sensitive company" info such as passwords, if they were fired. We've all heard stories about disgruntled tech workers, so perhaps some part of this feels true, but that 88% number just seems way too high. The security company obviously has every reason to push a high number, as it's goal is to sell solutions that help deal with this supposed "problem." And, of course, it fails to release the actual details of the survey, such as how the questions were worded. While I'm sure there are some IT admins who would do so, it seems highly suspect to claim that almost 90% of IT admins would act in such a manner.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: disgruntled it workers
Reader Comments
Subscribe: RSS
View by: Time | Thread
In those circumstances, most people in any profession will look for a bit of petty "payback". Some might smash furniture or slash their bosses' tires. Others might be more subtle - stealing clients, reporting perceived bad company practices to the authorities, etc.
A sys admin will have all the hardware, software and data of the company at his disposal. Most of us would think about damaging the company that just canned us in some way, and stealing data or sabotaging the working systems is often the easiest way, especially if your replacement is slow on blocking all your access.
The moral of the story is simple: try to break off with former employees in the best terms possible and then ensure that sensitive data is not available to that person after you've broken the news.
[ link to this | view in chronology ]
Re:
honestly, you should cut off their access before you fire them.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Nice....
In practice that means firing someone and immediately hauling all of his belongings outside of the corporate building in the presence of a security guard
"best terms possible" indeed...
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
I KNEW IT! HE WAS A EUNICH PROGRAMMER!
[ link to this | view in chronology ]
Re: Re:
Something people used to dealing with physical items often forget - any competent modern sys admin has remote admin capabilities to every part of the network.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Define 'Take'
Just a thought.
Kevin
[ link to this | view in chronology ]
Re: Define 'Take'
If the survey had asked me simply whether I would remember or take passwords with me if fired, I would have to say yes because I can't force myself to forget them. That does not mean I have any intent to use them unethically.
[ link to this | view in chronology ]
Hmmmmm . . . .
Who no doubt has a solution to sell?
[ link to this | view in chronology ]
Re: Hmmmmm . . . .
[ link to this | view in chronology ]
They may have left out the word "Think"
Of course people would think about it. Anger is a part of being fired. But I think most admins are mature and responsible enough to not act on fantasies of revenge.
[ link to this | view in chronology ]
Re: They may have left out the word "Think"
[ link to this | view in chronology ]
Seen this coming...
For those that haven't been initiated, you can google BOFH... it's perfectly safe to view at work.
[ link to this | view in chronology ]
They are if you are a security firm selling solutions to employee theft otherwise it is most likely closer to 8.8%.
[ link to this | view in chronology ]
Information is...
How do they give back that info before leaving?
[ link to this | view in chronology ]
Wrong question.
[ link to this | view in chronology ]
Re: Wrong question.
The Rawr: Semi-technically inclined managers are the worst. You can understand some of it, but they try to use technical terms that may not mean the same to a seasoned IT worker.
[ link to this | view in chronology ]
Re: Wrong question.
[ link to this | view in chronology ]
I guess...
I have a few tricks that up my sleeve that if I was fired that would cause head aches. No stealing or deleting, just a little something to keep the new guy busy.
[ link to this | view in chronology ]
Contacts
[ link to this | view in chronology ]
And just who...
[ link to this | view in chronology ]
Doesn't "Fired" generally mean immediately dismissed?
It has been my experience when dealing with IT personelle that if you have admin rights, you are walked out immediately upon termination of employment by either party.
If that is the case, the only thing that the employee can take is what they used everyday before that. So how can they be stealing anything after the fact? Shouldn't policy actually resolve any threats through password changes?
So this 88% is just a scare tactic, and probably doesn't constitute a threat as much as a question like: "If you were fired, would you try to login to see if any of your password still worked?"
[ link to this | view in chronology ]
Re: Doesn't
Remember a sys admin has access to everything on the network. Forget to change a particular password or disable a certain service, and that sys admin can easily gain access to data after the firing, even if he's immediately escorted off premises.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
'fired' - keyword
She someone do it. No. You're just lowering yourself and asking for trouble yourself. If the company is truely mean, you can rest assure they'll never keep any decent admins and will have crappy IT.
Last company I worked for was a cookie-cutter Microsoft based infrastructure. But good luck doing anything since they where
firewalled from the outside,
ACL's between vlans to block unsecure windows sharing protocols,
your network account got disabled on your last day,
ALL local admin passwords were 20 char randomly generated that were changed daily,
each workstation limited logons to the primary users of the computer,
to get admin access to a computer you had to be in a certain security group and had to request the admin password which was logged and would give you temporary admin access for 2 hours before it would kick you off and demote you,
even the primary user of a computer had to opt-in and follow the same rules for admin access except they were limited to only their computer,
unused network ports were disabled,
wireless used the new AES wirelss encrpytion AND you had to VPN in to get any access to anything,
everything was based around minimal power and having to make logged requests to get access to anything which was easily done.
Even with all these check points, working as IT was easy and requests where transparent.
This was a University.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Black listed?
So they would put themselves in check mate should they actually go forth with it.
PLus, saying you would do something doesn't mean you would. My bro got jumped once, I said i would have done this and that, then i got jumped a couple of years later, I did not deliver what I said I would a couple of years earlier.
Also, if these people have families, they don't want to risk the possibility of prison or even a law suit because their families come first. (usually)
[ link to this | view in chronology ]
digital clues snitch on the criminal
[ link to this | view in chronology ]
So why on earth would any worker feel obliged to have a shred of loyalty to their employer? It wasn't the workers who created the sense of hostility that exists between ownership/management and labor.
[ link to this | view in chronology ]
Oh, and for good measure- 88% of statistics are made up on the spot.
[ link to this | view in chronology ]
This just in...
[ link to this | view in chronology ]
As an IT Admin
You should respect the company's privacy even if you are fired.
[ link to this | view in chronology ]
Statistics........
[ link to this | view in chronology ]
[ link to this | view in chronology ]
spam them all
Here's some examples (pulled from recent spam):
http://www.dataentrycorp.com/unsubs.php
http://redguu.com/remove/
http://www.emerica linksite.com/index/MTYwMXw=/Unsubscribe.html
http://cactusmedia.com/goldrush/unsubscribe.asp
[ link to this | view in chronology ]
I wouldn't do that, no matter how pissed off I was. I'm not about to try and find a job with anything like that on my record.
[ link to this | view in chronology ]
IF
[ link to this | view in chronology ]
No 88% is at least 60% too high
[ link to this | view in chronology ]
[ link to this | view in chronology ]
spam them all
Here's some examples (pulled from recent spam):
http://www.dataentrycorp.com/unsubs.php
http://redguu.com/remove/
http://www.emerica linksite.com/index/MTYwMXw=/Unsubscribe.html
http://cactusmedia.com/goldrush/unsubscribe.asp
[ link to this | view in chronology ]
All your base...
[ link to this | view in chronology ]