As soon as he lurched onto the train, I could see he was
having a bad day. It did not look like it was getting any better,
because he was already on the phone before he had finished fighting
his way to the last vacant seat.
He was an ordinary looking bloke - slightly dandruff-stained
business suit, iPod headphones dangling round his neck, cartoon tie
- you know the sort. I did not realise just how dangerous he would
turn out to be.
The 8:15am train is always crowded, but at least the new rolling
stock is a bit quieter than the old stuff - quiet enough to be able
to enjoy everyone else's conversations.
He had meant to catch the earlier train, but his car would not
start. I know this because he explained it loudly to someone at the
office. "The office" was also having a bad day and I quickly
gathered that he was a fairly senior IT manager - senior enough to
get angry when other people were also late in on a Monday
morning.
Alas, poor Rachel
The mail server was down, the systems manager was missing and
someone called Rachel was trying to sort it out. But Rachel, being
only some lowly helpdesk droid, did not have the right passwords.
Oh, and the web server needed a restart too.
Annoyed, but oddly pleased with himself, our friend whipped out
his laptop and started dictating the name and password of the
privileged account on each server - together, rather pointlessly,
with their IP addresses. Then he waited, snorting into the phone
while Rachel sorted things out.
Panic over, he phoned the garage and organised getting the car
towed in. From which I gleaned his name, the make and registration
number of his car and his home address.
By now he was on a roll so, fortifying himself with a coffee
from the trolley, he phoned the bank and paid his credit card bill
- giving me his credit card number, current account details and
security pass phrase.
All information in
By the time the train arrived at Waterloo he had completely run
out of confidential and personal information to divulge to the
world at large.
The temptation to give him a slap across the head as I walked
past was almost overwhelming - but now there are CCTV cameras and
you have to be a bit more careful.
Instead, I handed him the piece of paper on which I had written
down all the interesting details - along with a polite "I think
this is yours " I did not look back, but I expect his expression is
recorded on video somewhere.
I hope I gave him a bit of a shock - I mean it is not the sort
of thing a chap should do, is it, listen to another chap while he
is on the phone. But I suspect that it was not enough of a shock to
make him change his behaviour.
So if this unimaginative gentleman works for your company, here
is a suggestion. Give Rachel his job and put him on the helpdesk -
I suspect that he could do less harm there.
John Gilbey teaches IT service management at the University
of Wales
Related article:
From IT geek to security rock star
David Lacey’s security blog
The latest
ideas, best practices, and business issues associated with managing
security
Stuart King’s risk management blog
Dealing with
the operational challenges of information security and risk
management
Comment on this article:
computer.weekly@rbi.co.uk