June 14th, 2017 – 12:01am PST:
Years and years ago I got a call from a client who said they’d received a suspicious E-mail from one of my coworkers and were hesitant to open it given the circumstances. The two hadn’t been in contact for some time, plus the E-mail subject itself was “strangely worded”. Delving further into the situation, it turned out the coworker in question, who we’ll call “Ricky”, had already left for the day.
His computer, however, was still on, and was sending out E-mails to every client in his address book, as well as our coworkers in the global address book for our company. When I approached my boss and asked for permission to disconnect Ricky’s system, I was refused. In confusion, I explained (again) that the computer in question was ACTIVELY E-mailing our clients with spam and links to malicious script. Yet again, I was refused. Without explanation. And told to get back to work.
A part of me, expecting that there was some strategy in the odd decision, wondered if my boss was taking the opportunity to embarrass Ricky, and even (potentially) hoping for grounds to fire him.
But no, that wasn’t it. In fact, nothing happened. The system sat there overnight happily E-mailing clients and coworkers alike into the wee hours of the morning. Ricky waited several days before eventually re-imaging his system.
There’s no “Ah HA” moment here. Some people simply don’t understand network security concerns. You’d think a manager would know better than to allow a system to remain on the network if it was infected, right? My view is, if you’re loud enough, and convincing enough, then you can get just about any job.