‘Take your time then’: Senior attorney refuses to give laptop to IT contractor despite security concerns, costing law firm thousands

Advertisement
  • 01
    16:03 "Fine, don't give me the laptop"
  • 02
    Too Important To Comply Short Due to a severe data breach, I was contracted in to reimage 750-800 field laptops in an org. Serious endeavor. Basically sending out a range of newly imaged laptops and relying on returns from across the US to keep up the cycle. Got the flow down and was at the very last of asset check off.
  • 03
    My LAST in the wild laptop? Hawaii??? The Arctic Circle??? Oh, no, no, no. It was the Senior attorney for the corporation who was literally a floor above me, and held out using a brand spanking new Precision 5500, but insisted on using the "possibly" compromised laptop, on our rebuilt network. He was blacklisted to Guest SSID, and b_hed about getting kicked off the network constantly. ( He was also using a cellular hot spot to VPN in when he was in the building.As I was a contractor an no one ha
  • 04
    cajones to confront this idiot, they kept kicking the can to me to persuade the guy. I had already backed up and stored his 'old" machine and asked nicely several times to validate his data on the 'new" machine. I got curious cuz this guy was becoming a royal PIA and my finalization for remediation was being held up by one asset. Turns out He was running his son's baseball league with a totally unapproved "league"
  • 05
    app on his corporate laptop. (This place was the wild west with admin accounts before the breach, who knew?).I copied the DB for the league, grabbed one of our decommissioned "legacy" burner laptops and set up all his personal cp on it. Yes I violated his "asset". Guy literally was in every C level meeting about data security and high level meeting about remediation and cost of response. It came down to a nudge
  • 06
    nudge wink wink to get him to comply. I never ratted him out for that software. Honestly I made a så tton of money waiting for him to comply. But if/when that corp has another breach, he's the first fi er I'd talk to. Edited for para/spelling
  • 07
    Dranask 11 hr. ago . Yup it was a very senior member of staff whose misuse of system that allowed the ransomware attack, everyone's data lost. After a fortnight all was good with the help of the IT support company everything was wiped and then restored from backup. Instructions were Do not access the old files which we thought were all deleted. I then went on scheduled holiday. Heaven knows where or how but she found an old file opened and reignited the ransomware.
  • 08
    Then told me while I'm in a different continent and expected a reaction destroyed my holiday all I could do was worry and chase the IT support company. Again all sorted. I lost a holiday wife had to put up with a worried husband. God I hated that staff member, indeed still do. 103 Reply Share
  • 09
    avu3 10 hr. ago Don't look at me. I didn't do it. Excellent resolution. Its that kind of critical thinking that helps get ahead in the world. Its not "I must ram this solution through", its "how can I accomplish the goal with minimal friction." A dedicated secondary laptop for the baseball league? Chump change to resolve the issue. Reply Share 33
  • 10
    Throwaway_Old_Guy 10 hr. ago I suppose as a Contractor you don't have much say in who does what in the C-Suite. There still needs to be some sort of accountability for this person because, ultimately, they will throw you under the bus if another breach happens since you provided the means to do so. 29 Reply Share
  • 11
    Loko8765 10 hr. ago Well, one would hope that the old burner laptop with the personal software only has access to the non-secure guest wifi! 10 Reply Share
  • 12
    LupercaniusAB · 8 hr. ago It's a law firm. 42 ↓ Reply Share
  • 13
    mbkitmgr 10 hr. ago Cause it never applies to them..... Absolute idiots. When I was an IT Manager I reported to a Director of Corp Services who also sat in meetings no IT topics and the exact same thing happened. In the end I "tweaked the network" so that he became increasingly frustrated at his device going down - he relented. Karm came when he figured it out and reported it to the GM - in the meting of the 3 of us the GM's answer to him was "What did you expect?"
  • 14
    jbartlet827 10 hr. ago This is exactly why I put software on every laptop that lets us remotely freeze, brick, or reimage any/all machines. You give them a date and then just hit the button. Reply Share 23 pockypimp 9 hr. ago Psychic abilities are not in the job description At my last job I created a process in the RMM to brick a laptop if we needed to. It ran a sequence of commands that I think were:
  • 15
    • used a command/PS to wipe all cached credentials uploaded a new default wallpaper for the lock screen that had our logo and the words "Lost/Stolen Device" in red at the top above our company logo and our phone number underneath • force shutdown the laptop ↑ 17 Reply Share
  • 16
    Chocolate Bourbon - 3 hr. ago At my last company we had a strict policy of no personal apps on our laptops, no personal devices connected to our laptops, and no logging into personal websites like email accounts, etc. However, The CEO had a portable hard drive that had his personal music library on it. He would connect it to his personal laptop to administrate it the library. Then he'd connect it to his work laptop to listen to his music while
  • 17
    working. On both he used a personal app to manage and listen to the music. And he sent/received personal emails all the time to stay in touch with his family while working. My father managed a 4K org for a few years. One of his lasting regrets was his inability to stamp out this kind of favoritism. He once complained he couldn't even have the assigned parking spaces eliminated. He hadn't been in charge long enough. 45+ Reply Share
  • 18
    fresh-dork 9 hr. ago honestly, that's about the best way to handle it. and now you have a good rep with a heavy hitter Reply Share 6 ♡
  • 19
    MoneyTreeFiddy - 7 hr. ago Mr Condescending Dickheadman Little League data, Major League breach. 7 B Reply Share

Tags

Scroll Down For The Next Article