5 lessons we can learn from the Steven E. Hutchins Architects data sabotage

 Marie Cooley - accused of allegedly wiping out employer's dataAngry Employee Deletes All of Company’s Data‘ is how the headline read last week describing an alleged incident of data sabotage where an employee, erroneously thinking a help wanted ad in the paper by her employer was describing her job, allegedly leveraged her access late Sunday night to destroy 7 years of data worth an estimated 2.5 million dollars.

As Jacksonville Sheriff’s Office spokesman Ken Jefferson told reporters:

“She decided to mess up everything for everybody … She just sabotaged the entire business, thinking she was going to get axed … She decided to be spiteful and go in and sabotage the records. And she did a very good job of that …” – via Fox News & TheRegister.co.UK

According to the Fox News story, Hutchins told one TV station (First Coast News) he’d managed to recover all the files using an expensive data-recovery service … though the Register reports firm owner Steven Hutchins saying the restoration fee was “not a sensationalistic amount of money.

So what does this have to do with your church and/or charity website? Glad you asked …

… those of you with some systems administration experience are undoubtedly shaking your head after reading such stories – and for good reason. Much of the pain could have been prevented had the following five measures been taken:

  1. Make a nightly, or at least weekly backup of the 7 years of work;
  2. Take the grandfather backup, that is the backup before the most recent backup, and move it off site – preferably to a fireproof safety deposit box. It is after all worth 2.5 million dollars;
  3. Create a disaster recovery plan that includes loss of data, loss of hardware, loss of operating system, loss of personnel;
  4. Take a Saturday and practice the disaster recovery plan. An example scenario I might suggest to said Florida firm is to enact the plan to deal with damages incurred by a hurricane;
  5. Limit access to full data to a vetted, trusted, bonded and insured system administrator. Everyone else gets data on a ‘copy of’ and need basis – I’m thinking through a secured revision control system that can be backup-up and where there is immediate recourse to a variety of intentional and unintentional ‘mistakes.

Think about it, all it takes is one disgruntled or even one well-meaning but not-so-careful layperson and/or church staff person to effectively wipe out your church and/or charity’s data in a fashion similar to what Marie Lupe Cooley allegedly did to Steven E. Hutchins Architects.

So make plans to protect your data now!

As for the job … apparently Ms. Cooley originally wasn’t in danger of losing it. The ad was for Hutchins’ wife’s company.