It’s hard to stay on top of security threats. New viruses and exploits pop up every day, and many security managers can barely keep their heads above water. Want a leg up? Get the Cisco SIO To Go iPhone application - it’s like having a Cisco security expert in the palm of your hand. Available now on iTunes
So, tell us your worst! Ever forget your email password and have support send you a new password – to your email address? What about vague and unenforceable Web acceptable use rules? Can’t take a video on your own personal smart-phone because IT has disabled it so you can access email? The list goes on! Here are a few videos of horrible IT security scenarios to get you started.
Send us your story or make a video and send a link - we love to commiserate with your security woes!




It happens at least once a year, and this year it happened twice and though we make the point with memos and lectures, there always seems to be someone who gives their work PC to the kids at night.
The situation is familiar: To save on expenses, folks buy fewer home PCs, but their kids want to use them more than ever. Enter the corporate laptop into the home Web surfing environment — a recipe for disaster for IT.
And it’s not just kids playing games and doing homework. It’s spouses using social networking — and that uncle nobody talks about surfing porn on your corporate machines.
We’ve gotten better at catching these compromised machines early, so instead of it being the big problem it used to be, last year it mainly just confirmed our investment in end-client security.
The worst offender? A procurement manager who was found to have a keyboard logger installed on his company-issued laptop. And this was a guy who spent several $100K a year online for the company.
I used to work for a tech-support company with many small-business clients. One client was notorious: he would call with extremely naïve questions and clearly had little familiarity with computers. If he called at the end of a shift, support staff tended to save the call for someone on the next shift to handle.
One evening after hours, he called and left a message that mystified us all: “The ball is bouncing. It is bouncing. And exploding!” he exclaimed. When I called him back the next day, he repeated the story, but I couldn’t for the life of me figure out what he meant. He just kept saying, “The ball is bouncing, the ball is exploding!” During the call, a number of my coworkers collected outside of my cubicle, listening to the conversation, trying to supply tips, and giggling quietly.
Then it dawned on me. The screen saver! — set by someone to the “bouncing ball” that shatters when it “hits” the screen edges. I asked him to move the mouse. “What mouse? There is no mouse!” he exclaimed.
“Press the space bar,” I said.
“Oh! The ball went away!” he cheered.
I began to explain to him about screen savers, and as we were talking, he stopped suddenly and exclaimed, “The ball is bouncing again! The ball is exploding again!” I patiently explained that when this happened, all he had to do was move the “mouse” or press any key. And I made a note in his account to turn off his screen saver the next time someone worked on his PC in person.
We have to change our passwords once a month. It’s a nightmare. I always forget my PW since it changes so much.
Then to make matters worse, our company IT support is outsourced. I always get some guy named Jim with an accent so thick, I cannot understand.
How about PW change twice a year….. please!!!
Was stoked to get a new Blackberry after being on Treo for years. I needed to get on corp email so I had to install some security stuff.
After that I could no longer take videos or sync and get my files and pics. Only way to DL pics is to email.
Worst part is, this is my personal phone. Wahh wahh.
I think back to a time right after a fairly large network upgrade. All weekend, day and night, had been spent migrating a nightmare network to a clean, homogeneous utopia of redundant Windows 2000 Servers on the back and Windows XP Professional desktops on the front. Things hadn’t gone quite as smoothly as we’d hoped, so instead of finishing up on Sunday afternoon, we were still putting final tweaks in place on Monday morning.
After we did our last test (making sure all local tape backups were working properly) it was about noon. (Most users by now had logged in, been informed that they needed to choose a new password in accordance with our medium-strong password guidelines, and had chosen a new password.) I stumbled bleary-eyed into the lunchroom for my umpteenth caffeine fix. Chugging my Coke, I almost missed it while mincing out of the lunchroom. But it grabbed my attention from the corner of my eye and caused Coca-Cola to shoot from my schnoz like some enraged soda dragon.
“Password List.” Yes, every user’s new password along with IT and even some specific switch passwords had been printed out by a well-meaning secretary and posted in the lunchroom. After they pried my hands from her throat, she explained that she just figured it’d be easier to post them there than to answer all the phone calls when users inevitably forgot them. So she went around and collected them (in my name), built her list, and posted it.
One of my favorite stories was the network that was severely hacked by someone who came in from the outside and deleted the main Exchange message store. Firewall logs had gotten the local IT admin nowhere, so we were called in to do a little snooping around. I wish I’d thought of it, but another guy on the team had the sense to run AirSnort. He found a wide open Linksys wireless access point in about six seconds.
The internal admin insisted there was no wireless running anywhere on the network. It took some sneakernetting, but we found the rogue AP in a senior exec’s office about 20 minutes later. Seemed he saw how cheap they were at the local CompUSA and decided to plug one into the secondary network port in his office so he could use his notebook’s wireless instead of the wired connection because no wires “looks better.”
Executive users can be dangerous even without special access rights. John Schoonover, who worked for the Department of Defense on one of the largest network deployments in history during Operation Enduring Freedom, was “witness to a huge lack of IQ points” in a senior manager.
According to Schoonover, military infosec installations generally follow a concept termed “the separation of red and black.” Red is simply data that has not been encrypted yet. (Danger, the world and sniffers can see you!) Black is the same data after it has been encrypted and is now ready to traverse the world. “These areas [red and black] are required to be separated by a six foot physical gap,” Schoonover says.
Our hero proceeds to follow these guidelines and deploys the network, but comes back from lunch one day to find the firewall down. Investigation shows that a senior manager “had taken the cabling from the inside router and connected to the Internet for connectivity, thus bypassing all firewall services, encryption, and — oh yeah, that’s right — the entire secure network with a jump straight to the Internet!”