Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

USB drives, old hard drives and the laptop left in the front seat of a car all pose huge risks. Home Depot, Pfizer and the VA all ran into trouble when laptops holding confidential information were stolen. Without preventing sensitive data from ever getting on these portable devices in the first place, it's nearly impossible to secure against an opportunistic thief or simple forgetfulness.

Nightmare four: Blabber-blogs - Internal blogs are great, unless employees start spilling company secrets

Web 2.0, VoIP, and other new technologies are driving security pros crazy - at least at those organizations on the ball enough to pay attention to them. Take something as simple as blogging.

At Microsoft, the blog Mini-Microsoft has stirred up a bunch of controversy. According to the blog's author, a Microsoft employee who wishes to remain anonymous, the blog was started as a forum for "exposing lunch-time conversations of a lot of people going over the issues and concerns they had about Microsoft."

In our e-mail interview with Mini-Microsoft's author, he says, "You see a lot of deep, well-thought-out, constructive criticism from the inside. I can't say this goes anywhere, even today. . . Two years ago, when a lot of the concerns became public, something got done. Would it have happened without the blog? Maybe. Probably not, though."

Aberdeen's Baroudi has a problem with anonymous corporate blogs. "Anonymous blogs are irresponsible. If you feel that strongly and you're unwilling to put your name to it, it loses credibility. If you put your name to it, there's a dialogue."

Could Mini-Microsoft be as effective minus the cloak of anonymity? "Absolutely not," Mini-Microsoft wrote. "If I had started this blog under my real name then I would be shut down quickly by people who would just question how a person working on XYZ could possibly have a say about [an unrelated] project.

"There'd be more criticism for who I was and what my responsibilities are. 'Hey, why don't you blog about how your feature bar is broken?' That's human nature. The mystery allows an assumption of knowledge and provides permission to ponder. And I can't say it would be seen as career empowerment for the leadership up the chain from me."

Advocate blogs pose a serious dilemma for IT security. The anonymous soul-of-the-company ones like Mini-Microsoft are highly valued by employees. Whistle-blower blogs like those from Los Alamos National Labs are even more valuable because they exposed the dysfunctional practices that threatened national security.

However, these blogs do pose risks. If confidential data is leaked, for instance, management has a valid reason to worry. PR and marketing executives tear their hair out figuring out how to respond to the bad press that often accompanies these blogs.

Most organizations, though, simply have no idea how to handle these blogs, and, as a result, most either ignore them or make the mistake of trying to shut them down - which usually worsens morale and generates more bad press.

Other new technologies present equal quandaries. Take IBM's Many Eyes, which is essentially a mashup application for visualizing data. "There is a lot of data there that probably shouldn't be," said Forrester's Young. "You can find sales forecasts and corporate income statements." Many Eyes doesn't always show where the data is coming from, but much of it isn't hard to figure out.

There is even data from government agencies, including the CIA. If the Secret Service can't be trusted not to send out unencrypted itineraries, it's not a stretch to worry about what it's posting on Many Eyes.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?