How dangerous user behavior puts networks at risk

IT managers share tales of how users' actions can cause security nightmares

As CIO at Bunker Hill Community College, Bret Moeller embraces students experimenting with technology as part of their education, but he'd prefer if their independent studies didn't involve hacking into the college's network.

"There are some students who discover at school that their whole point in life is to hack into the college's network to either glean information they have no right to access or to simply kill the network to prove they can do it," says Moeller, who works to manage and secure the Boston-area college's network.

"We can detect scanning on our network and we try to lock things down as much as possible or not allow software on workstations, but sometimes there can be a hole in our protections. We can't control the end users to the same degree one can in a corporate environment, but we still have to do as much as possible to secure the environment from end users," he says.

Yet, Moeller may have more in common than he realizes with corporate network and security managers.

Recent research from the Ponemon Institute revealed that a majority of users disobey company security standards -- and they do so knowingly. In addition, survey data just released by RSA shows that trusted insiders "create data exposures of extraordinary scope" through their everyday behaviors.

"End users are smarter than ever. The advent of the PC at home and not just work anymore, as well as the ability to look up and verify what the IT people are saying to you, is a different world," says Steve Moore, technology leader at Mary Kay Cosmetics in Dallas.

In addition, users can easily find detailed accounts of how to sidestep corporate policies, available from countless Internet sites and even laid out clearly in publications such as The Wall Street Journal.

With compliance regulations a constant factor, IT executives are caught between a rock and a hard place.

"We're constantly trying to balance the need for expanded access to information and the requirements to protect information from unauthorized and inappropriate use," says James Kritcher, vice president of IT at White Electronic Designs in Phoenix. "We now have an expanding number of accounts, passwords and other mechanisms to manage access to various resources. The resulting overhead and complexity increases the likelihood that inappropriate access may be granted."

For instance, users can unwittingly grant inappropriate access to coworkers, friends and family if they share too much information or neglect to update passwords. One area Craig Bush finds lacking among users is password security. He says the company has policies in place to ensure passwords aren't abused or revealed, but users consider managing passwords more of a hassle than a safeguard.

"It's funny how end users just don't think passwords are a big deal and think we are just here to make their lives miserable when we request them to change or update passwords," says Bush, who is network administrator at Exactech. "General password security is an area I see lacking among most end users. They just don't realize there is technology that can use their passwords to get information and corrupt the entire network."

Other times it's the more technology-savvy users who cause the most trouble. Users have tried to deploy consumer wireless routers at work, says Martin Webb, manager of data network operations, Ministry of Labour and Citizens' Services, Province of British Columbia, Canada.

"Consumer routers are shipped with all the security settings turned off, which makes it easier to deploy, but it also immediately creates holes with security on the network," Webb says. "It seems to be an innocuous thing and usually they are deployed without malicious intent, but it is still something we have to stay on top of or we are at serious risk."

Mixing business and personal life

Another common problem is when users try to take their work home with them -- but wind up taking more data off corporate networks and premises than they should. For instance, thumb drives, or USB flash drives, used improperly could bring a company to its knees, according to Albert Ganzon, director of network services and engineering at international law firm Pillsbury Winthrop Shaw Pittman in San Francisco. Being responsible for securing company and client data puts Ganzon into a state of heightened alert, considering information saved on a thumb drive is nearly impossible for him to secure.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Denise Dubie

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?