Revisiting the IT Security House of Horrors

IT security can be freakishly frightening, especially when your clients and their employees don’t seem to care.

Halloween season is in full swing, so there’s no better time to discuss the scariest and most disconcerting things a solution provider ever encounters (at least on the tech side). IT security can be freakishly frightening, especially when your clients and their employees don’t seem to care. As those who attended this year’s ChannelCon Conference found out, customer interactions stories can be quite chilling.   

Several of those almost blood curdling tales were shared by solution provider members of the IT Security Community during their meeting at the event. The good news is we have video. So be sure to check out the full stories of what are essentially good people doing basically all the wrong things (sometimes quite badly) with their data and network protection…

First up was Victor Johnston of Johnston IT Consulting, who won the day with his tale of the college campus where he also served as an adjunct faculty member. Being a tenured IT security professional, he noted their computers were operating without active anti-virus or firewall protection in place, without a USB policy either. He also noted a keystroke logging dongle had been attached to one of their work stations and a common practice among instructors was to use the same passwords for virtually every system. After approaching the administration with his concerns, the tale got much more disconcerting. Check out the rest of Johnston’s IT horror story here.

Next up was Chris Johnson of Untangled Solutions, who discussed a company that was paying for block time that they were not consuming. That wasn’t the disturbing part, but it did lead his team into an unsettling situation. During an onsite visit at this financial institution, his team found out their client’s last backup was in 2014, the CEO was using sticky notes for passwords, there was no drive in the NAS and a host of other protection concerns. Following the conversation, the company sent Untangled Solutions all their banking info by email ─ including routing and credit numbers (unsolicited).

The Untangled Solutions team employed a new tool to illustrate the severity of the issues. “We used the CompTIA IT Security Wizard to show our client what their vulnerabilities were. Using this program, we were able to show the company the true risks of not having a firewall properly configures as well as all the other things a financial institution needs to have in place at all times.” Hear the terrifying tale yourself

The horror story shared by Eric Pinto of Relyez centered on Retail Therapy, a small flower shop (a typical SMB organization) run by the typical entrepreneur who just didn’t understand the risks associated with her actions. The owner kept a file of vital client account information on her desktop for reference, helping her provide more personalized customer service. That old school management process left her customers’ information (birthdays, personal data and credit information) susceptible to theft. Find out how her issues were addressed in this short video segment.

Nick Stricker of ESPO Systems gave a back-to-the-future style recounting of email security vulnerabilities, focused on the Dridex Malware Crew that typically targets financial credentials using old school methodologies. These security threats use malicious macros inside Word files to seek out finance departments’ bank account credentials. The subject line generally leverages financial terms, drops files, modifies registry settings and sends all that data back to a remote location (typically in Russia). According to Stricker, antivirus detection rarely catches these types of threats. Check out the rest of his story for best practices on the detection and neutralization of these costly vulnerabilities.    

After sharing their stories, these IT Security Community members took a few questions from members of the audience (see the Q&A video segment here).

Why recount these tales of potential business disaster? Consider it a scared straight session for IT service providers, offering insight into common customer mistakes that become consulting and sales opportunities if caught and properly addressed. 

Have your own IT horror stories to share?  Please email those tales to CompTIA Member Director Lisa Persons (without client names or details of course).

 

Brian Sherman is chief content officer at GetChanneled, a channel business development and marketing firm. He served previously as chief editor at Business Solutions magazine and senior director of industry alliances with Autotask. Contact Brian at Bsherman@getchanneled.com.

 

Email us at blogeditor@comptia.org for inquiries related to contributed articles, link building and other web content needs.

Read More from the CompTIA Blog

Leave a Comment