An Inside Job

  • An Inside Job

    We all are concerned with security, trying to keep hackers out of our systems, prevent them from getting access to data or worse. Many of us are almost as concerned about internal employees, and we have to go to great lengths to try and ensure our systems are secure. It's a hard job and we sometimes step on other people's toes while implementing security.

    If you've had issues with this, don't feel bad. Apparently the FBI has issues as well with a consultant cracking their passwords. Apparently he got a copy of their database and cracked it with Internet tools. If this was a Windows system, he likely just got a copy of the SAM database and used that to get passwords.

    Security is a hard thing to maintain and I'd agree that often the basic frustrations of getting your job done can lead you to take shortcuts. Let people share accounts, skip authorizations, and more. Most of the time it's no big deal, but in this case it can result in jail time!

    And with more corporations having to comply with Sarbanes-Oxley and other laws, the officers of the corporation being held liable, and leaks and issues being placed in the press, it's not a good idea to make shortcuts. I've done it before, but I'm less likely to do so in the future and certainly wouldn't if I did any work for a government agency.

    Everyone can sympathize with the rules of a workplace regarding security. And everyone needs to get their work done without feeling pressure because of some silly rule. But the rules are in place to prevent stupid mistakes, many of which happen when you bend the rules. I'm sure that every one of the data breaches from laptops has had that laptop with critical data outside the office dozens of times before it was stolen or something happened.

    It's like I tell my kids: it's not the hundred times you carry grape juice across the carpet I care about. It's the one time you spill it that matters.

    Steve Jones

  • Aha...the classic mistake...you know a problem is possible to occur, but rather than taking steps to minimise the fallout, you penalise the inevitable mistake...."It's like I tell my kids: it's not the hundred times you carry grape juice across the carpet I care about. It's the one time you spill it that matters."

    That's what hardwood/tiled floors are for!!!!

     

  • But then again, if one was so cautious as to eliminate everything that might lead to a mistake, the world would be a dull place indeed. The mindset that we have to remove what we can enjoy because of risk to it, would prevent us from planting flowers in our gardens because they attract bees, and those bees might in turn sting us.

    And that analogy strikes me as a fair parallel to most of the lost data stories, especially those involving laptops. Mobile workstations are excellent productivity tools, and eliminating them from business would be a mistake. The real problem, after all, is that they represent largely unmanaged risk -- because people do not take appropriate cautions when carrying them with critical data onboard. Think about how many times you see a laptop-carrying businessperson sitting in an outdoor cafe, distracted by their cell phone, while their laptop carrying case sits unattended and out of sight by the side of their table. To me, that's about the same as pasting my credit card to my forehead and scribbling my particulars on either cheek.

    What companies need to do is to create policies and enforce them, and make the penalty for transgression as large as the risk being managed. If you leave the office with critical client information in a laptop, policy should dictate the hardware locks, software locks and so forth to minimize the risk should the physical unit be lost. As long as they rely on government to set those bars, they are showing bad management, because these kinds of losses affect the bottom line returns of shareholders.

    Of course, the real problem is that the penalty for spilling that data all over the Internet isn't enough to make them take notice of the real problem.

  • Locks only keep honest people out.

    Regards
    Rudy Komacsar
    Senior Database Administrator
    "Ave Caesar! - Morituri te salutamus."
