If you are familiar with my work you’ll know that I dabble in many facets of the computer industry. One of these dabblings is within the world of Information Security. Seeing that a breach of that security can cost me my job and my company many billions of dollars, I’m pretty anal about it all. So, when I see a blatant violation of IS protocol on television it really gets my pocket protector in an uproar.
Case in point: the last new episode of The Office. You know, the one where Angela ended up licking her cat (sorry, just threw up in my mouth a bit while writing that). While there was plenty of cat porn and cat porn references there was one unrelated scene that wanted me to raise a Security Incident Response Ticket.
It featured Michael standing at the empty desk of his lost love Holly. Trying to think of some way to take a piece of her with him, Michael decided to cut off a piece of a sweater that was hanging on her chair. This isn’t where the security breach was, though it was somewhat creepy. The security incident occurred when he jiggled Holly’s computer mouse and her desktop popped up on her flatscreen. Seeing a document with his name on it Michael whipped out his thumb drive (that’s what she said), popped it into Holly’s computer and downloaded the document for a later review.
Where to begin with the breaches of security? Let’s start with no password protection for Holly’s desktop. Being the HR representative for the Nashua branch of Dunder Mifflin, password protection is of major, major importance. Not only does she have a certain level of access to corporate information, but I’m sure the personal information of all the Nashua branch employees is stored in a clear-text file on her server. That’s a lawsuit waiting to happen should someone take a quick gander at all of that personal data and use it in a malicious fashion.
Next is the availability of an unsecure USB port. It’s bad enough that someone can get on Holly’s desktop and pull employee Social Security numbers. With an available slot for a thumb drive, and possibly a writable DVD drive, anyone can take that information home with them and use it to their heart’s content. No way should a HR representative of a corporation like Dunder Mifflin be allowed to have a desktop with a thumb drive. If Holly needs to work outside of the office it would be best to access her desktop by a secure connection.
Dunder Mifflin, as an Information Security specialist I give you fair warning about your computer practices. You keep your desktops wide open and you’re going to have people like Michael Scott pulling all sorts of information from your company. Before you know it, your customers will be someone else’s customers and you will be at the bottom of the paper-selling barrel. So, take some time and lock down those computer screens. You’ll be better off for it, trust me.
Clacked by Richard Keller 
on Feb 24, 2009 @ 15:00 EST5EDT
It was Michael’s thumb drive, not Holly’s. You’re implying that IT should block all of her USB ports for the sake of security. That’s ludicrous.
I agree with the auto-screen lock with password prompt, but you’re reaching for something with the thumb drive issue that is simply not there.
Wasn’t it Michael’s thumb drive?
*POST AUTHOR*
It was Michael’s thumb drive. I corrected the post reference the unsecure USB port instead.
As to the availbility of this USB port I still stand by my reasoning. She should not be given a server that allows the use of downloadable devices, especially since she’s has access to confidential personal data. It’s a lawsuit waiting to happen.
Yeah if only Holly had a secure desktop that would surely prevent the employees (like Dwight) from rooting around her actual hard copy files located in the unlocked file cabinet at her desk.
*sigh*
You agonize over this after Dwight pulled a bowie-knife in a CPR lesson?
Seriously, get your priorities straight :-)
Let me tell you a story about when I worked at Bertelsmann as a student. The “IT guy” we had there was 31 years old (I was 20 back then) – our servers were running Windows NT 4, our workstations were too. We had our “office” in a big room with just one large desk with 8 computers on it. I made a screenshot of the windows desktop and set it as desktop background image, moved all Icons on the desktop to the far lower right, told the taskbar to hide (while the screenie showed it of course). The guy didn’t know how to bring up the taks bar with the keyboard (CTRL-ESC does it) and back then there was no “Windows” Key.
So our IT guy comes in, starts his computer, tries to start a program – nothing. He clicks on “Start”. Nothing. He powers his machine down, starts it up again … and does that four times. Finally he decides his machine is broken and he needs to set it up again with the install cd.
God I was laughing tears during that and managed to get the CD away from him in time. God he was so sure that the machine was broken it was ridiculous. It was my second day at the job and our boss noticed the whole ordeal and while it wasn’t my goal to get ahead it basically ruined the guy’s reputation. He was so sure of himself and treated me like an ass the whole first day – so I thought “what’s the difference?”. About twenty people witnessed this and it was such a simple thing to do.
Idiots as Administrators – you definitively find that even in big companies. Most of the time it happens because something new comes in and they don’t think about what could go wrong. They are used to PS/2 connectors for mice and keyboards and don’t utilize USB – and simply don’t know that it’s a huge open barn door.
Having worked in IT for many years (for my sins) I agree with you about the lack of security, BUT I disagree that this is anything but commonplace. I’m sure I could walk into any 5 random modern businesses the size of Dunder-Mifflin with a thumb drive and bring back all kinds of unsecured data.
And DUNDER MIFFLIN? Of COURSE they’d have lax security. They let Michael Scott manage a branch, and they let Dwight keep his job after setting the office on fire and being caught with weapons on multiple occasions. And putting a garbage bag containing a live bat over a co-worker’s head. And…
This problem has been resolved.