IT Staffer Fired

  • Comments posted to this topic are about the item IT Staffer Fired

  • This seems a little harsh. I would assume there was more to the story. For example, this is the 14th time this person has opened an email and let loose a virus in the org. Yep, way past firing time. However, one time? It just takes a single slip up. I'd hate to think any single error could cost me my job, especially when it's something as simple as opening an attachment. Why would my standard company login allow me to infect the planet? I'd say the error lies elsewhere not with the hapless idiot that opened that email.

    "The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
    - Theodore Roosevelt

    Author of:
    SQL Server Execution Plans
    SQL Server Query Performance Tuning

  • I know who I would fire, and it wouldn't be Suzie in accounting.

  • "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

  • Without knowing the details of the email that the employee opened it's hard to say. There needs to be a judgement call as to whether or not the employee should have reasonably known not to open the attachment. Was the employee being too lax in standard procedure, was he/she not following a well known procedure? Is this the first such incident for the employee or even for the organization? These all play into a termination decision.

    My general thought is termination is fair if and only if someone is circumventing a well known standard process or violating a well known policy, and I say well known because it needs to be a common practice or a policy that everyone generally adheres to, otherwise accountability should fall to the person(s) responsible for the monitoring and enforcement of the policy. Termination is never fair just to save face, though it does happen.

    -

  • What if it had been the director that opened the document?

  • Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    This doesn't really help. If the system puts a virus/trojan on your machine as a normal user, it could still potentially spread if you executed a sudo or runas, especially if written to look for those commands. I start to lean more towards emails ought to be quarantined somehow to run in a VM.

  • Ralph Hightower wrote:

    What if it had been the director that opened the document?

    I've seen this before. Management or management assistants getting fooled because they're busy.

  • And then what... - Hire a replacement DBA or engineer who doesn't open email attachments?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Hire one that doesn't open the ransomware ones.

    NO idea of the details, but I do worry about a manager covering their own self-interest by firing a staffer. Could be justified, could not be. Something to think about as you go about your day.

  • The point is that the rules\guidelines should apply to all employees.  Would a director be fired for doing it?  I'd guess not.

  • Another angle is that maybe the ransomware attack isn't purely the result of bad luck, brilliant hacker engineering, or incompetence on the part of the organization. Maybe someone inside the IT organization is assisting with the ransom. That IT lady who says: "Sorry, boss, we can't recover from backup.", maybe she's working with the hackers and getting a cut of the ransom, or maybe she even orchestrated the entire thing solo. It's not that technically difficult to setup a ransomware attack, not when there are DIY kits on the web and the ransomer has inside information about both the organization's infrastructure and financial ability to pay. Even if she ultimately gets blamed for incompetence and fired, she's still walking away with the keys to $$$,$$$ or more in bitcoin.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • I was at first thinking of this as analogous to a truck driver who gets into an accident. Even a careful driver can wind up having an accident, and it's not necessarily a firing offense*. But this is different because normally no one is consciously trying to trick a truck into a crash...whereas the phishing provocateur is doing as much as possible to lure the IT person into a mistake. It's always easier to mess up when someone is trying to fool you.

    * except one crash I witnessed where a driver tried to force his truck under a plainly labelled low bridge, pretty much destroyed the trailer. Driver got out and was talking on the phone... I can only imagine what that conversation was like

    • This reply was modified 5 years, 3 months ago by  jay-h.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    I completely agree. If security is a concern then why would you as a "manager at a high level" have a "high privileged account" AND use it for internet access and emailing? IT staff has used multiple accounts for decades, and if you are working in national security, you don't even have physical connections between internet-exposed machines and the delicate stuff in your machine-room. It is all a matter of risk appetite. No need to fire anyone. Just learn from the experience, and remove someones privileges or set up proper security habits.

  • Steve Jones - SSC Editor wrote:

    Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    This doesn't really help. If the system puts a virus/trojan on your machine as a normal user, it could still potentially spread if you executed a sudo or runas, especially if written to look for those commands. I start to lean more towards emails ought to be quarantined somehow to run in a VM.

    And points are given for raising my awareness towards more advanced attacks which doesn't fire immediately once inside (as I have seen until now), but waits for the user to run something with elevated rights. I still think it is considerably more difficult to spread as a virus, because the logged-in user's access to resources are limited, so the virus needs to open op the connections itself - defense systems can take measures against that.

Viewing 15 posts - 1 through 15 (of 17 total)

You must be logged in to reply to this topic. Login to reply