Last week, during our user conference, I was doing a training session, one of the many I presented, on dealing with with confidential data within our platform. One of the points I made was that, at the end of the day someone with the proper skills needed to be the administrator of that platform, and as the administrator, they would have access to anything and everything. Much like a network administrator in any business, you either had to trust that person to do the job, and obey all of the proper policies regarding confidential information, or you had to do the job yourself.
On the other hand, while you certainly have to trust, you can also verify, so I showed the class how to run an audit log, which would show you if your admin had gone into a confidential project and looked at the data. I then opined that if I were in charge of a company and saw that my admin had been accessing confidential information, I would fire them right then and there, because I could no longer trust them.
That might sound harsh but at the end of the day, the folks with admin rights have so much responsibility that having one you don’t trust, isn’t worth it.
Today, I read something that made me want to go back and amend what I said about firing them. You might also want to make double sure and disable their access immediately too!
Ricky Joe Mitchell, 35, admitted that in June 2012, shortly after he learned he was going to be fired, remotely accessed EnerVest’s computer system and reset the company’s network servers to factory settings, essentially eliminating access to all of the company’s data and applications for the eastern US operations.
Before his access to EnerVest was terminated, Mitchell went to the office after business hours, disconnected critical pieces of computer-network equipment and disabled the equipment’s cooling system. EnerVest was unable to fully communicate or conduct business operations for nearly 30 days.
The company spent hundreds of thousands of dollars trying to recover historical data from its network servers. Some data was lost forever.