Employee incompetence is a hacker’s best friend

Security breaches — they’re an IT issue that’s difficult to prevent completely, but even harder when the threats develop from the inside, whether it’s hardware stolen by dishonest employees or data loss caused by oversight within the ranks.

How does a techie deal with security issues effectively when executives, IT managers, or fellow admins don’t take the necessary precautions? Bureaucracy and incompetence make for tricky situations.

[ Do you have an IT security story to share in InfoWorld’s Off the Record blog? Send it to offtherecord@infoworld.com. | Read Off the Record stories of stolen hardware and other dishonest dealings. | For more security insights, check out Roger A. Grimes’ Security Adviser blog on InfoWorld. ]

Here are a handful of stories from the Off the Record archives that are written by tech pros about their memorable experiences dealing with security vulnerabilities that could have been prevented. Security technology and procedures may change, but handling users’ security misunderstandings or oversights does not.

• “Steal my data, please.” A university’s server gets hacked, all because the boss was too scared to install a firewall.
• “An IT contractor discovers too much company information.” Just days into a short-term contracting job, a techie unearths a surprising security risk — and exposes the network admin’s misplaced priorities.
• Take an open network, add file sharing, and you have a security hole big enough for a battleship — and a reminder of why it’s important to let technical people set technical policies.
• “My unnatural disaster.” Who needs malicious hackers when you have admins like this?
• “Danger inside the firewall.” That nice, new wireless router the auditors brought in might as well have been a ticking bomb.
• “Why trouble employees with passwords?” Job title: Manager of network security. Instructions: Could not require anyone to have passwords, because it was asking too much to make people remember them. What could go wrong?

This story, “Employee incompetence is a hacker’s best friend” was originally published at InfoWorld.com. Read more crazy-but-true stories in the anonymous Off the Record blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.