Lesson learned: Define the critical security events that are most likely to indicate malicious activity, and always research them to their ultimate conclusion when they occur. You can't chase down every potential false positive; know which ones are the deadliest and put in your due diligence.
Colossal security mistake No. 4: Reading confidential data
If the CEO is the king of the company, then the network administrator is the king of the network. I know many network admins who've allowed their godlike access control to tempt them into viewing data they didn't have permission to see. In military parlance, you need proper clearance and the need-to-know.
Over the past three decades, I've known several network pros who've not only looked at data they weren't authorized to view but bragged about it. That's stupid, and they shouldn't have been surprised when they were called in to turn in their keys and hand over company equipment.
There's one big caveat to all of this: acceptable use policies. I once consulted for a company that found out an IT security employee had read all of senior management's email. In this case, the "company" was a city, and senior management was the city council.
The employee had bragged several times to other employees about having the ability to read anyone else's email and was later caught reading the city council's messages. The employee was fired and filed a lawsuit for wrongful termination. The judge concluded that the acceptable use policies the employee signed did not specifically forbid this hacking instance; the employee prevailed and went back to work. Imagine having to work with that guy again.
Lessons learned: Don't access data you don't have valid permission to see, and consider helping data owners/custodians to encrypt their confidential data with keys that you don't have access to.
Colossal security mistake No. 5: Invading privacy
Invading a person's privacy is another surefire way to put your job on the line, no matter how small or innocent the incident may seem.
A friend worked at a hospital and once heard that a famous celebrity had checked in. The friend performed a quick SQL query and learned that the celebrity was in-house. They didn't tell anyone or do anything.
A few days later someone in the primary care staff leaked to a popular media site that the celebrity was being treated in the hospital. Management asked for an audit of who accessed the celebrity's records. The request came to my friend, who reported the results of the audit and self-reported their SQL query, though it had not been tracked by the information system. Management fired everyone who accessed the medical record without a legitimate reason. My friend, who would never have been caught if not for their aboveboard honesty, was fired without remorse.
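The audit management asked for in this story is a need-to-know check: every access to the record is compared against the list of staff with a legitimate care relationship. The following is an added example, not code from the article, using SQLite with constructed sample rows (the `access_log` and `care_team` tables, user names and patient IDs are all made up). It also shows why the friend's query was invisible: an audit trail that is only written by the application UI never sees ad-hoc SQL, so the log here is assumed to be captured at the database layer, where the `adhoc_sql` source value would actually appear.

```python
import sqlite3

# Constructed sample data (hypothetical, not from the article).
# Each access_log row: who opened which patient record, and via what path.
ACCESS_LOG = [
    # (actor, patient_id, action, source)
    ("nurse_a", "P100", "read", "ehr_ui"),
    ("dr_b", "P100", "read", "ehr_ui"),
    ("admin_c", "P100", "read", "adhoc_sql"),  # IT staff, direct DB query
    ("clerk_d", "P100", "read", "ehr_ui"),     # front desk, not on care team
    ("nurse_a", "P200", "read", "ehr_ui"),
]

# Staff with a documented care relationship to each patient.
CARE_TEAM = [
    # (patient_id, actor)
    ("P100", "nurse_a"),
    ("P100", "dr_b"),
    ("P200", "nurse_a"),
]


def build_db():
    """Create an in-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access_log (actor TEXT, patient_id TEXT, action TEXT, source TEXT)"
    )
    conn.execute("CREATE TABLE care_team (patient_id TEXT, actor TEXT)")
    conn.executemany("INSERT INTO access_log VALUES (?, ?, ?, ?)", ACCESS_LOG)
    conn.executemany("INSERT INTO care_team VALUES (?, ?)", CARE_TEAM)
    return conn


def accesses_without_need_to_know(conn, patient_id):
    """Return (actor, source) for every access to patient_id by someone
    who is not on that patient's care team, i.e. had no need-to-know."""
    rows = conn.execute(
        """
        SELECT a.actor, a.source
        FROM access_log a
        LEFT JOIN care_team c
          ON c.patient_id = a.patient_id AND c.actor = a.actor
        WHERE a.patient_id = ?
          AND c.actor IS NULL
        ORDER BY a.actor
        """,
        (patient_id,),
    ).fetchall()
    return rows


if __name__ == "__main__":
    db = build_db()
    for actor, source in accesses_without_need_to_know(db, "P100"):
        print(f"review: {actor} accessed P100 via {source}")
```

Run against the sample data, the query surfaces both the front-desk clerk and the IT administrator, and the `source` column tells the reviewer which access came through a direct SQL session rather than the application. If the log were populated only by the EHR front end, the `adhoc_sql` row would never exist and the administrator's access would be invisible to exactly this audit, which is the gap the story describes.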