Breaking the Rules

  • Breaking all the Rules

    Security and data loss have been a big problem over the last few years. More and more types of records and identity information have been the target of hackers. It is estimated that some companies lose data over six times a year and some even more.

    Wow.

    I wonder if it's because of things like this. I know that mistakes happen, whether you're moving stuff around in the real world, through the mail, or through the virtual one with electronic transfers. However you plan for and deal with those mistakes, like using encryption. Or like sending passwords, PINs, or some authentication separately from the main package.

    Humans are more often than not the weak links in any security scheme. We bend the rules, we slack off, we don't include all the protections. Sometimes we forget or sometimes we're lazy.

    That's why monitoring is important. Why the government needs to enact rules to limit the profit motive of corporations and why companies need to be sure that they check up on their employees, ensuring that they are following those same rules and protecting all the data they hold.

  • Here is another of the same old story. Forgot to test the backups.

    <http://www.adn.com/money/story/8721511p-8623582c.html&gt;

    You would think a large government agency would know that. I don't know what's worse, this problem or data breeches due to negligence?

    I think its time for agencies to start paying up for their mistakes. Since its the taxpayer (in cases related to the government) that takes the hit, then jail time would appear to be appropriate for the managers who's department failed the public trust. At least then the taxpayer can see his tax dollars at work!

    The above article will cost me .37 cents! The price of your gas must go up!

  • I think that companies need to take a stand and say that security is more important than the convenience of the employees. Security is broken in order to make someone's job easier. Often it does not need to be that way. Employees just need to make the sacrifice, and stop taking data home, use strong passwords, etc... and the IT department is going to have to quit coddling stupid users and make them learn security or get another job. IT security is now part of many jobs, and these are people who were not responsible for it in the past. They need to be re-trained, and they need to suck it up and deal with the inconvenience of good security.

    Until financial institutions start using private information instead of publicly available stuff for identification, it will be a problem. Social Security numbers are completely worthless as identification, not because the system is flawed, but because we have abused it too much. If my bank tried to hold me accountable for "identity theft"... I would go to the mat with em over it. It's their fault if they fail to ask for proper identification from people trying to use their accounts.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply