IT Staffer Fired

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715841

    Comments posted to this topic are about the item IT Staffer Fired

  • Grant Fritchey

    SSC Guru

    Points: 395510

    This seems a little harsh. I would assume there was more to the story. For example, this is the 14th time this person has opened an email and let loose a virus in the org. Yep, way past firing time. However, one time? It just takes a single slip-up. I'd hate to think any single error could cost me my job, especially when it's something as simple as opening an attachment. Why would my standard company login allow me to infect the planet? I'd say the error lies elsewhere, not with the hapless idiot that opened that email.

    ----------------------------------------------------
    The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood...
    Theodore Roosevelt

    The Scary DBA
    Author of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd Edition
    Product Evangelist for Red Gate Software

  • GeorgeCopeland

    SSCertifiable

    Points: 6885

    I know who I would fire, and it wouldn't be Suzie in accounting.

  • Dave62

    SSCertifiable

    Points: 6417

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

  • Jason-

    SSCrazy

    Points: 2513

    Without knowing the details of the email that the employee opened, it's hard to say. There needs to be a judgement call as to whether or not the employee should have reasonably known not to open the attachment. Was the employee being too lax in standard procedure, was he/she not following a well-known procedure? Is this the first such incident for the employee or even for the organization? These all play into a termination decision.

    My general thought is termination is fair if and only if someone is circumventing a well-known standard process or violating a well-known policy, and I say well-known because it needs to be a common practice or a policy that everyone generally adheres to; otherwise accountability should fall to the person(s) responsible for the monitoring and enforcement of the policy. Termination is never fair just to save face, though it does happen.

    -

  • Ralph Hightower

    SSCrazy

    Points: 2770

    What if it had been the director that opened the document?

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715841

    Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    This doesn't really help. If the system puts a virus/trojan on your machine as a normal user, it could still potentially spread if you executed a sudo or runas, especially if written to look for those commands. I start to lean more towards emails ought to be quarantined somehow to run in a VM.

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715841

    Ralph Hightower wrote:

    What if it had been the director that opened the document?

    I've seen this before. Management or management assistants getting fooled because they're busy.

  • Eric M Russell

    SSC Guru

    Points: 125020

    And then what... - Hire a replacement DBA or engineer who doesn't open email attachments?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715841

    Hire one that doesn't open the ransomware ones.

    No idea of the details, but I do worry about a manager covering their own self-interest by firing a staffer. Could be justified, could not be. Something to think about as you go about your day.

  • SQL Simon

    SSC Rookie

    Points: 25

    The point is that the rules\guidelines should apply to all employees.  Would a director be fired for doing it?  I'd guess not.

  • Eric M Russell

    SSC Guru

    Points: 125020

    Another angle is that maybe the ransomware attack isn't purely the result of bad luck, brilliant hacker engineering, or incompetence on the part of the organization. Maybe someone inside the IT organization is assisting with the ransom. That IT lady who says: "Sorry, boss, we can't recover from backup.", maybe she's working with the hackers and getting a cut of the ransom, or maybe she even orchestrated the entire thing solo. It's not that technically difficult to set up a ransomware attack, not when there are DIY kits on the web and the ransomer has inside information about both the organization's infrastructure and financial ability to pay. Even if she ultimately gets blamed for incompetence and fired, she's still walking away with the keys to $$$,$$$ or more in bitcoin.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • jay-h

    SSCoach

    Points: 18808

    I was at first thinking of this as analogous to a truck driver who gets into an accident. Even a careful driver can wind up having an accident, and it's not necessarily a firing offense*. But this is different because normally no one is consciously trying to trick a truck into a crash...whereas the phishing provocateur is doing as much as possible to lure the IT person into a mistake. It's always easier to mess up when someone is trying to fool you.

    * except one crash I witnessed where a driver tried to force his truck under a plainly labelled low bridge, pretty much destroyed the trailer. Driver got out and was talking on the phone... I can only imagine what that conversation was like


    ...

    -- FORTRAN manual for Xerox Computers --

  • hjp

    Default port

    Points: 1434

    Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    I completely agree. If security is a concern then why would you as a "manager at a high level" have a "high privileged account" AND use it for internet access and emailing? IT staff has used multiple accounts for decades, and if you are working in national security, you don't even have physical connections between internet-exposed machines and the delicate stuff in your machine-room. It is all a matter of risk appetite. No need to fire anyone. Just learn from the experience, and remove someone's privileges or set up proper security habits.

  • hjp

    Default port

    Points: 1434

    Steve Jones - SSC Editor wrote:

    Dave62 wrote:

    "If you have a privileged account, you better be really careful about opening any attachments from email."

    It may be a better practice to not use the privileged account for email at all.  Use the regular account for email and then be really careful.

    Dave

    This doesn't really help. If the system puts a virus/trojan on your machine as a normal user, it could still potentially spread if you executed a sudo or runas, especially if written to look for those commands. I start to lean more towards emails ought to be quarantined somehow to run in a VM.

    And points are given for raising my awareness towards more advanced attacks which don't fire immediately once inside (as I have seen until now), but wait for the user to run something with elevated rights. I still think it is considerably more difficult to spread as a virus, because the logged-in user's access to resources is limited, so the virus needs to open up the connections itself - defense systems can take measures against that.

Viewing 15 posts - 1 through 15 (of 18 total)
