Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

USB drives, old hard drives and the laptop left in the front seat of a car all pose huge risks. Home Depot, Pfizer and the VA all ran into trouble when laptops holding confidential information were stolen. Without preventing sensitive data from ever getting on these portable devices in the first place, it's nearly impossible to secure against an opportunistic thief or simple forgetfulness.

Nightmare four: Blabber-blogs - Internal blogs are great, unless employees start spilling company secrets

Web 2.0, VoIP, and other new technologies are driving security pros crazy - at least at those organizations on the ball enough to pay attention to them. Take something as simple as blogging.

At Microsoft, the blog Mini-Microsoft has stirred up a bunch of controversy. According to the blog's author, a Microsoft employee who wishes to remain anonymous, the blog was started as a forum for "exposing lunch-time conversations of a lot of people going over the issues and concerns they had about Microsoft."

In our e-mail interview with Mini-Microsoft's author, he says, "You see a lot of deep, well-thought-out, constructive criticism from the inside. I can't say this goes anywhere, even today. . . Two years ago, when a lot of the concerns became public, something got done. Would it have happened without the blog? Maybe. Probably not, though."

Aberdeen's Baroudi has a problem with anonymous corporate blogs. "Anonymous blogs are irresponsible. If you feel that strongly and you're unwilling to put your name to it, it loses credibility. If you put your name to it, there's a dialogue."

Could Mini-Microsoft be as effective minus the cloak of anonymity? "Absolutely not," Mini-Microsoft wrote. "If I had started this blog under my real name then I would be shut down quickly by people who would just question how a person working on XYZ could possibly have a say about [an unrelated] project.

"There'd be more criticism for who I was and what my responsibilities are. 'Hey, why don't you blog about how your feature bar is broken?' That's human nature. The mystery allows an assumption of knowledge and provides permission to ponder. And I can't say it would be seen as career empowerment for the leadership up the chain from me."

Advocate blogs pose a serious dilemma for IT security. The anonymous soul-of-the-company ones like Mini-Microsoft are highly valued by employees. Whistle-blower blogs like those from Los Alamos National Labs are even more valuable because they exposed the dysfunctional practices that threatened national security.

However, these blogs do pose risks. If confidential data is leaked, for instance, management has a valid reason to worry. PR and marketing executives tear their hair out figuring out how to respond to the bad press that often accompanies these blogs.

Most organizations, though, simply have no idea how to handle these blogs, and, as a result, most either ignore them or make the mistake of trying to shut them down - which usually worsens morale and generates more bad press.

Other new technologies present equal quandaries. Take IBM's Many Eyes, which is essentially a mashup application for visualizing data. "There is a lot of data there that probably shouldn't be," said Forrester's Young. "You can find sales forecasts and corporate income statements." Many Eyes doesn't always show where the data is coming from, but much of it isn't hard to figure out.

There is even data from government agencies, including the CIA. If the Secret Service can't be trusted not to send out unencrypted itineraries, it's not a stretch to worry about what it's posting on Many Eyes.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?