November 17th, 2003, 03:12 AM
Disgruntled Employees. An Infosec Nightmare.
We as technicians sometimes forget the details of human interaction and interpersonal communication determine the succes of a closely knitted department such as IT. You may or may not be buddies with your co-workers. For those that you hang out with after work or eat lunch with everyday, their motives are probably apparent. They want to do a good job for you or those with concerns will be able to openly discuss them.
On the other hand, there are the guys that have the office at the end of the hall or in the basement and you see them when they work late or in passing or by the coffee machine. This could be your telecom guy or your network admin. or your intern. You ask "How are you coming on that project?" or "Don't forget we have that meeting at 3:00." You depart thinking that you need to grab your docs off the printer or top off your coffee cup before heading back to your office. But what does the person that you just spoke with think? Do you know?
They see it as the only time that you speak is when you give them orders or check on the status of a report that the department as a whole will probably get cretdit for. What if this guy has been under the gun from day one? What if his or her workload has been more than they could handle for some time, yet no one asked if they needed assistance? What if they did not get that raise that they were hoping for at the end of the year? As far as everyone knows, this person puts in 40+ and never complains about tasks given to them. No one ever thought this guy was dropping easter eggs all over the network and creating back doors here and there or even putting IP addresses and passwords out on hacker forums.
How would you know? There is a better chance that you could prevent this type of scenario easier than knowing it was going on behind the scenes. It is important to have a closeness and a sense of trust among IT personnell. Especially in your networking and systems group. If this person that was previously mentioned, was invited out to lunch everyday with everyone else, or if some of the other guys/gals said "Hey, wanna go down to the pub with us after work?" or "Some of us are going on an X trip this weekend, would you like to go?" An issue such as this may be nullified. Or at least, after a few beers down at the local bar, you may hear, "Well you know, I've felt really pressured lately to get the X project finished and I'm afraid I will not be able to meet the deadline" All of the sudden, an avenue of communication is open. What if the next response is, "I was speaking to the director about this project the other day and he said that you would probably need help, but you have not asked, so everything must be going ok." Who knows what could come out, eh? I'm not devoting this openess to the beer either. It's just plainly interpersonal communication.
So what happens next? The tech rolls into work the next morning and deletes malicious code on the network that was put there to wreak havoc 100 hours after he gets canned, then goes and asks the director for help on the current project. So, what am I getting at? A large percentage of cases of compromised network security happens from inside the company and the worst aspect of a disgruntled worker is that you will not know their tenure until it is too late. So, get to know your co-workers. Don't allow anyone to be a loner. Periodically find out what is going on with everyone at work and at home. The closer you are with your teammates, the more understandable and predictable everyone becomes.........
There are many rewarding oppurtunities awaiting composure from like minds and great ideas. It in my objective to interconnect great things.