Prepare for Access Disaster, Unlike San Francisco

San Francisco's information technology disaster has been averted. According to Wired's Threat Level blog, Mayor Gavin Newsom managed to convince a city IT employee charged with a number of cybercrimes to provide passwords that allowed administrators to regain full control of their FiberWAN network. Had he kept the passwords to himself, officials had indicated that the system might never have been fully accessible.

The employee alleged to have seized control of the system, Terry Childs, is also apparently the lead architect of that system. Which begs the question about who handed him the keys to the kingdom? An enormous breakdown occurred in what should be typical protocols to avoid this situation. Imagine if Childs had been hit by a bus with no alleged misdeeds involved?

This should get you thinking. Even if your network involves a dozen machines or 500, and not hundreds of millions of dollars worth of systems and data, do you have chokepoints where one critical worker controls all access? If that worker is laid off, fired, or dies; or if they decide they need to quit in order to minister to starving children in a distant land - what do you do?

Business owners need to know all the critical passwords and control points for their systems, and need to secure those as well, and store them in a secure way off site. That could be a secured USB drive stored in a safe-deposit box - or sent to a trusted colleague or sister company or branch office 3,000 miles away.

Subscribe to the Security Watch Newsletter

Comments