Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

USB drives, old hard drives and the laptop left in the front seat of a car all pose huge risks. Home Depot, Pfizer and the VA all ran into trouble when laptops holding confidential information were stolen. Without preventing sensitive data from ever getting on these portable devices in the first place, it's nearly impossible to secure against an opportunistic thief or simple forgetfulness.

Nightmare four: Blabber-blogs - Internal blogs are great, unless employees start spilling company secrets

Web 2.0, VoIP, and other new technologies are driving security pros crazy - at least at those organizations on the ball enough to pay attention to them. Take something as simple as blogging.

At Microsoft, the blog Mini-Microsoft has stirred up a bunch of controversy. According to the blog's author, a Microsoft employee who wishes to remain anonymous, the blog was started as a forum for "exposing lunch-time conversations of a lot of people going over the issues and concerns they had about Microsoft."

In our e-mail interview with Mini-Microsoft's author, he says, "You see a lot of deep, well-thought-out, constructive criticism from the inside. I can't say this goes anywhere, even today. . . Two years ago, when a lot of the concerns became public, something got done. Would it have happened without the blog? Maybe. Probably not, though."

Aberdeen's Baroudi has a problem with anonymous corporate blogs. "Anonymous blogs are irresponsible. If you feel that strongly and you're unwilling to put your name to it, it loses credibility. If you put your name to it, there's a dialogue."

Could Mini-Microsoft be as effective minus the cloak of anonymity? "Absolutely not," Mini-Microsoft wrote. "If I had started this blog under my real name then I would be shut down quickly by people who would just question how a person working on XYZ could possibly have a say about [an unrelated] project.

"There'd be more criticism for who I was and what my responsibilities are. 'Hey, why don't you blog about how your feature bar is broken?' That's human nature. The mystery allows an assumption of knowledge and provides permission to ponder. And I can't say it would be seen as career empowerment for the leadership up the chain from me."

Advocate blogs pose a serious dilemma for IT security. The anonymous soul-of-the-company ones like Mini-Microsoft are highly valued by employees. Whistle-blower blogs like those from Los Alamos National Labs are even more valuable because they exposed the dysfunctional practices that threatened national security.

However, these blogs do pose risks. If confidential data is leaked, for instance, management has a valid reason to worry. PR and marketing executives tear their hair out figuring out how to respond to the bad press that often accompanies these blogs.

Most organizations, though, simply have no idea how to handle these blogs, and, as a result, most either ignore them or make the mistake of trying to shut them down - which usually worsens morale and generates more bad press.

Other new technologies present equal quandaries. Take IBM's Many Eyes, which is essentially a mashup application for visualizing data. "There is a lot of data there that probably shouldn't be," said Forrester's Young. "You can find sales forecasts and corporate income statements." Many Eyes doesn't always show where the data is coming from, but much of it isn't hard to figure out.

There is even data from government agencies, including the CIA. If the Secret Service can't be trusted not to send out unencrypted itineraries, it's not a stretch to worry about what it's posting on Many Eyes.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?