If you work with computers (especially around children, but I don't think that not working around children makes you immune to what happened) then what happened to the Connecticut substitute teacher Julie Ameroshould both shock and disturb you. Is your employer doing enough to prevent you from being the next Julie Amero?
Julie Amero has, through no fault of her own, been through four years of hell. Here you have someone's entire life, and worse still, health, trashed because the people in charge of the IT system at her place of employment didn't do their jobs properly and where the prosecution seemed more interested in a witch hunt than getting to the truth. In the end justice prevailed, sort of. A $100 fine and having her teaching credentials revoked is a lot better than doing time. What would have been better is if those people paid to look after the IT systems had done their jobs properly and prevented this from happening in the first place. And yes, this incident was 100% preventable.
What really scary about the Amero case, and what should concern you, is just how common the elements that contributed to Julie's arrest are in the workplace. Let's consider a few of them:
- Inexperienced IT admins - in this case the school district's IT admin was described by security researcher Alex Shipp as "an ex-IBMer approaching retirement who appeared to know little about PCs and networks."
- Obsolete software - Windows 98, and a discontinued antivirus package.
- Security software not being updated.
Any of these practices going on at your workplace? Fancy the chance to do time because these weak links in the chain allow a flood of malware-driven pornographic pop-ups to appear on your screen?
What bothers me is that I can think of tens, if not hundreds, of businesses and organizations where what happened to Julie Amero could happen to someone else. OK, the people involved might not be so eager to get the law involved, but you can't count on that. And the current economic climate will mean that more and more businesses will be relying on obsolete software and allowing subscriptions for their security products to lapse.
For the geeks among you, you might be interested in the defense forensic findings, summarized here. Makes for very interesting (and at the same time, depressing) reading.
Anyone here feel that the same thing could happen to them?