Reading through some of the thousand articles already floating around the internet, and the actual emails and attachments, it's pretty disheartening that some basic security rules weren't being followed.
First off, password security should be a priority in any network. Educating your users to secure and memorize their passwords (that means no yellow Post-its lying around with that info) should be the top concern for any sysadmin. Allowing a person to post their credentials in the footer of their email signature is horrifying, as one of the brainy scientists had done. Hmm, maybe that's how the hacker got into your system in the first place? Just maybe so.
Second, if you write about deleting information that you're afraid of being obtained through a freedom of information request, then don't store that same information on an unsecured server. That's just counterproductive! You never know when a hacker will download all that info and, oh who knows, publish it for the world to see. It's rare, but I hear it happens.
Finally, let your users know that everything they write, say (voice mail) or do (teleconference, security videos) at work that is recorded is the property of the company, and may just find its way onto the front page of the NY Times. Do you really want that remark about your assistant advertised on the front page? Think twice about what you say and think thrice about what you put into the written record.
What do you think about the fiasco of the climatologists' emails and the fallout they are experiencing due to their bad security? ISC2 is going to have a field day with this!