Sometimes, there is such a things as too much security. For example, instead of drive encryption software like AlertBoot, you’ve got a .45-caliber automatic to defend your server. Or, instead of using a magnetic degausser, you decide to empty rounds into your server using a .45-caliber automatic.
I mean, that’s why you’d bring a gun into a server room, right? Right?
Guy Gets Drunk, Shoots Server, Concocts Story
Not if you happen to be Joshua Lee Campbell, 23, working at RANlife Home Loans, a mortgage company in Utah. After spending a night of drinking, he went to work, shot a $100,000 server then called the police to report the crime (and pinned it on some unknown assailant).
Of course, besides being a ludicrous story (who the heck assaults a person and then proceeds to shoot out a server?), there were signs that Mr. Campbell might have been telling a tall one:
Police “could smell alcohol and urine on him” when they arrived on the scene [deseretnews.com]
Only one computer server was shot. Nothing else happened, apparently: no other equipment was destroyed, nothing was stolen, nada [various sources]
A coworker found Campbell passed out with his pistol next to him [deseretnews.com]
An acquaintance let police know that Campbell had threatened to empty rounds into a server and save the last bullet for himself [various sources]
If I had read this story on Variety or some other Hollywood publication, I would’ve assumed that this was Mike Judge’s follow up to Office Space. I can totally imagine the pitch: “It’s like Office Space meets The Fugitive. The red stapler will have a cameo, of course. Instead of a bat to the printer, it’ll be a Colt semi-automatic to a server: We’ve got to keep up with the times. We’ll use Rick Astley’s ‘Never Gonna Give You Up’ for irony, instead of the gangster song….”
Although I cannot imagine anyone being prepared for something like the above, the truth is that this is not the first time a company has had problems with an employee. From memory, I can think of instances where an employee planted a logic bomb; stolen hardware; stole data; hacked into company servers after being fired; and deleted files and databases.
These are real concerns, and companies have to be prepared for such scenarios, which is why data security runs the gamut of:
Limiting physical access, such as locked doors and cabinets
Regularly backing up data and storing them in safe locations
Having contingency plans
Some even claim that employees must be forced into week-long vacations once a year, just to see if anything breaks down and instances of fraud show up (something that won’t happen if the person is around to manage the crisis). Man, what I’d give to have that enforced….
The point of all this rambling: data security is not just about securing data, such as using laptop encryption. You must also ensure that you can recover any necessary data for when things go wrong. Don’t forget to backup information (and perhaps have that encrypted as well). The more critical the data is, and the more often it is updated, the more you need to back it up.
Related Articles and Sites: