Like every good story mine has a beginning, a middle and an end. While my tale is completely fictitious, the situation that our character finds himself in isn’t. It is based on real events happening in organisations across the globe. Perhaps, by reading it, you can avoid following the same path as our ill-fated CEO and change your destiny.
Pegasus was arguably the premier automobile manufacturer. It didn’t just ‘make’ cars, it created them. The drivers lucky enough to find themselves behind the wheel of a Pegasus didn’t just park it, they positioned it. If you didn’t already own a Pegasus car then you aspired to own one. Pegasus stood for ‘living the dream’.
As you’d expect, to sit in the CEO’s seat of this established and well-respected organisation was coveted by many powerful men and women. For Charles Trumble, it had just become reality. Charles believed he was unstoppable.
Running a tight ship
With the country entering recession for the second time in just a few short years, and the manufacturing industry severely depressed, Charles knew it was going to be tough. Shareholders were restless, demanding faster returns on their investments, and he had to make a quick impression or risk the dream being over before it had really begun.
First step, go through the books with a fine-tooth comb and identify savings.
Of course, reducing the IT expenditure was a no brainer. The IT auditors, what did they really do and how could they justify the fee? And all those expensive ‘geeks’ in the IT department could go. No one understood a word they said so outsourcing the whole lot to Romania wouldn’t make a difference. All future IT spend could be frozen as they’d just upgraded the PCs, servers and operating system.
Never one to wait for someone else to blow his trumpet, Charles decided an email to the rest of the board was necessary. In it he malevolently outlined the faults in the Financial Director’s budget predictions, and reassured the board that the hard decisions were now being made by someone with balls.
There was concern that cutting the bonuses IT managers received for being proactive on security might be ill-informed, but Charles’ reassurance that he wouldn’t have to make other payment cuts as a result seemed to allay fears.
Knowing how good business would be as a result of his new administration, and ignoring the ‘rule’ against it, Charles decided the time was perfect to increase his holding in Pegasus. After all, he was in control and things were on the up.
Rough seas ahead
Redundancy day dawned and Charles was feeling buoyant – he loved Fridays.
The IT department’s extreme reaction niggled, especially Dave Reynolds who was particularly venomous. He had been fighting the decision to outsource IT support and kept banging on about false economies. What did he really know about economising, his budget had been spiralling for years? ‘Quiet geek’, Charles didn’t know his name, simply shrugged his shoulders, made a passing comment about regrets, and left.
At 18:00hrs, the IT team switched off the lights, closed the doors and left the building. At 18:05hrs the Pegasus network went offline. Coincidence? Charles didn’t think so.
Eventually the problem was identified and fixed, something to do with a rogue line of code that had disrupted the server migration, but the system was back up early on Monday morning and things could get back to normal. The reference to rogue code went completely over Charles’s head.
Rough seas turn stormy!
Over the coming weeks the IT infrastructure seemed to develop bugs at random. At first it just seemed bad luck that the network crashed each time that an IT employees’ name was removed from the payroll. However it soon became apparent these weren’t unrelated or isolated occurrences. The website was continuously defaced – with a special emphasis on the director’s biographies, especially Charles’s.
Large orders appeared in the sales ledger and invoices were marked paid when they hadn’t. The production line was even being ‘interfered with’ as cars were randomly sprayed pink. The real clue was emails being sent, purportedly from Charles, that he knew he hadn’t! Someone who knew his way round the network was accessing the system.
Unfortunately the new Romanian IT support team were at a loss as to what, or who, was doing it. They removed all the IT team’s user accounts, which incidentally caused another black out, but didn’t stop the intruder. Just how they were getting in was a mystery.
This inadequacy was just for starters. There was mutiny in the ranks as people complained that every problem took longer to solve. Calls to support were often left unanswered leaving people unable to work. The contract might have seemed lucrative but in hindsight the money it was actually costing the business each quarter would have paid an onsite IT department’s wage bill for a decade!
Customer service and confidence was suffering.
There was another problem with the changes Charles had implemented. The report from the new IT auditors read like a geek’s wish list with miscellaneous items not on the original schedules. Rather than the projected savings, it actually quintupled the old auditor’s fee.
And the IT cuts were a gift that just kept on giving. The luxuries that Charles’s IT spending freeze promised, such as upgrading the security software, were not realised. It wasn’t long before malware infections increased and data breaches occurred. For goodness sake, why couldn’t managers insist their teams be more security conscious?
The board soon turned but their efforts failed to stop the company going into administration. The Financial Times became aware of an email which proved Charles had been instrumental in the changes that had caused the demise of Pegasus. Worse still, the Financial Services Authority had been tipped off about his share dealings. Of course, with the share price in freefall it could be argued that having inside knowledge hadn’t really paid off for Charles.
I often hear such tales of woe that can so easily be avoided. I’m not suggesting you should never outsource some of your IT projects or change your IT auditors. Just that you do so sensibly. For example, ongoing investment in security solutions is necessary as the threats organisations face are also evolving. But that doesn’t mean you have to buy every new product on the market, just what will work for you.
Privileged accounts are basically the keys to your IT kingdom so make sure you know who is in control of the passwords that control access to these powerful accounts, and that they’re regularly changed to prevent abuse. Solutions that automatically manage security practices, such as password updates and patch installation, should be deployed to keep the network secure. Cuts don’t have to be expensive, they just have to be intelligent.