One of the biggest storms in recent memory hit the Eastern US in early November causing widespread destruction. There is always a lesson to learn from events like these, regardless of your location. For businesses, the storm made owners and managers pause and wonder if they are prepared for such a large scale event. They are forgetting to look at the smaller disasters that can be equally devastating. One such potential problem revolves around essential passwords, and who manages them.
Search for Terry Childs online and you’ll find a number of articles about a former Network Administrator for the city of San Francisco who is currently in jail for supposedly doing his job. His job, as a network administrator, was to manage the city’s network. When he was asked by his boss for the passwords to critical parts of the network, he refused on the grounds that the request went against the established network policy.
Issues like this: One employee or vendor in control of vital passwords, can pose a big problem to companies, especially during times of disaster. Imagine if you work with an administrator who is based in New York, and they lost power during Sandy. What could you do if your network crashed, or you needed access to your system and someone else has all the passwords?
The most crucial factor is you shouldn’t trust one person or organization with passwords to vital systems. We don’t mean personal passwords to systems, we mean passwords to vital systems, like servers or Internet connections. If one person has the passwords, there’s just too much risk. If they are disgruntled, they have the power to do some serious damage, and if they are injured or are no longer alive, you’ll face untold amounts in lost profit, and fees in recovering passwords and information.
There are a number of things you can do to mitigate problems like these.
If you are in the unfortunate position of not having the passwords to your system, it’s a good idea to get in touch with IT professionals like us, as we are often able to recover systems and passwords, or at the very least, reset them. After you recover your systems, it’s a good idea to test for vulnerabilities, especially if the last person in charge had a tendency to not share information. We can help with this and any other concerns with password management and recovery, so please contact us if you would like to learn more.