Tech Tuesday ? Lesson Two ? Cleaning up the Mess with Fergus Cleaver

I have, this morning had a conversation with a distraught accountant, one Fergus Cleaver. The young fella (26) was almost in tears and was explaining to me how he got hacked (unlikely) and how it was all a terrible mistake (you bet it was).

He said that he had apologised to the young lady concerned and busy trying to undo the damage that he says he didn’t do. I beliieve him that he is sincere about his apology. I really do, because a) either he is pulling an Oscar performance or he really is deeply upset, b) The Accountants Society is crawling all over his ass.

On the drive back hme I thought long and hard about taking the post down, ut then I thought a bit more about it.

Is it all just a terrible mistake, a hack if you will?

Well I don’t think so. These days with technology hacking is very rarely the fault of a “terrible mistake” like this. In this incident I don’t think hacking is to blame. I would place the blame on several things;

  1. NZ small business propensity to go cheap in IT infrastructure.
  2. IT support companies that do cheap IT infrastructure.
  3. Small business owners that have zero concept of physical and information security.
  4. Stupid staff/owners who leave logged on PCs with not even basic password protection.
  5. Not vetting cleaning staff

Here is what I think happen in the Fergus Cleaver case. Everyone went home and left, later the cleaners came in and because for whatever lame reason they brought their kids with them, so while mum and/or Dad were cleaning the kids had a play. They saw an email and sent out a rude message. They maybe did this to 10 or 11 messages.

Not that is plausible, but my experience with cleaners kids is that they rarely do that, sure they steal, sure they fuck things up and sure they use the computers to play games. What they never do is login, open email and send messages. Most don’t have the capacity inside their skull to do such a thing.

Now I’m not saying Fergus is lying here, I have had several emails to suggest he is a good guy, plus he sounds really, really upset by this. But to be honest it is a screw up that rests entirely on him and his partners shoulders.

Their IT set-up is woeful if a kid can get on and send messages in the evening. Physical security of workstations and staff desks is woeful, the staff aren’t properly trained in the use of technology and the security risks for themselves and their customers data. I bet every port on the router is open too.

Sure it is a terrible mistake but should I take down the post because he is embarrassed and he asked me to. Well, as I said I have thought about it and no I’m not going to take it down, because what is said cannot be unsaid. It is a story worth telling not just from an entertainment perspective but also for a salutary lesson in sorting out your shit in the office. The email cannot be re-trieved and by now has certainly gone all over NZ, I’m expecting it back any minute. This is the world we live in and removing my single blog post isn’t going to undo that. Unfortunately Fergus is just going to have to stop ringing me and begging, HTFU and wear the consequences of lax security in a social media age.

If I was Fergus I would get an audit done, prove that no client data was touched and get on the phone or better still get around and visit those clients he gets 80% of his revenue from and get on his knees and beg them to stay rather than constantly ring me to get me to take down what I won’t. Learn you lesson hard, I certainly have had to over time so why not Fergus. He is young he is probably trying to deal with the biggest crisis in his life since he was dumped by txt when he was 16. In 2 years no-one will know or care because some-one will have done far worse and be more famous.