is a lot to be said for establishing order in a potentially chaotic environment – regardless of whether that environment consists of screaming teenagers in a
5,000-seat arena or hundreds of savvy IT administrators managing a 5000 system

In our business, we hear a lot of horror stories about IT
administrators sharing passwords to privileged accounts and systems. But even I
was astonished when one of our new employees described how his previous
employer enabled support personnel to easily maintain an “on-call” list.

If you heard the news about McDonald’s disclosure
that hackers had stolen customers’ personal data, you might have missed the
scariest part of the story. Yes, it’s a nightmare for McDonald’s customers that
the email addresses, birthdates, mailing addresses and other information they gave
on the McDonald’s web site may now be in the hands of hackers. If you get a
“special offer” from McDonald’s on your birthday from now on, are you going to click
on it? Course not. Bad for you. Bad for McDonald’s.

It’s time for us IT security managers to do some soul-searching about
our own practices for securing the computer systems that hold our
organization’s financial records, customer data, intellectual property
and other digital assets. If recent high-profile criminal prosecutions
have taught us anything, it’s that employers’ own lax management
practices are what makes these escapades possible.