security
One rule for the workers, another for execs
ON CALL Supporting IT and keeping it secure is a serious endeavor. Which is why The Register lightens up Friday mornings with a fresh installment of On Call, the reader-contributed column that shares your tales of tech support trauma.This week, meet a reader we'll Regomize as "Colin" who told us about a recent gig at a customer that decided to improve the security of its Microsoft 365 implementation – chasing the Secure Score that Redmond uses to rate resilience."We spent a good amount of time working with the customer and agreed a rollout plan to ensure multi-factor authentication (MFA) was enabled across the board in accordance with a security baseline."
Colin and his crew knew what to do, so when they flicked the switch on various upgrades, all went smoothly.
Until it didn't."The following morning, one of the senior directors of the company – who was allegedly the COO of a cybersecurity company – called our service desk and started yelling."Amid the yelling and accusations, Colin and his colleagues picked out an allegation that the company had been brought to its knees by the need to register for MFA, which had crippled an invoicing system and would surely result in ruin within a disastrously short time frame."Once she allowed us to speak, it turned out that the problem only impacted three or four phones," Colin wrote. The support team investigated and quickly learned the real problem was with the invoicing software, which promised MFA support but relied on buggy software to make it happen.
