Tuesday, December 16, 2008

Think you can trust your IT executives or staff with company data? Think again.

A direct marketing firm alleges that their former Vice-President of IT took a backup tape containing names and information on 3.2 million clients, including credit card and bank account information on 800,000 customers. The tape was encrypted but it contained information and programs to decrypt the data. Besides, if the VP of IT was involved, don’t you think that he’d probably have the decryption key or would know where to obtain it?

Interestingly, the CEO of the company reported to the Breach Blog within hours of the blog’s post that the “stolen” tape had been “recovered” and was being examined by forensic experts to determine if the data was accessed.

With a whole host of new “disclosure” laws impacting most states, your company should be thinking about how it manages personally identifiable information (PII) of customers, vendors, employees, etc. As technology is increasingly able to hold so much data, one lost laptop or exposed disk may create a huge liability for the company. Sounds like this company, like many companies, could use policies and procedures regarding backup tapes, including a backup tape log and limits on access.

Are you kidding me?

Monday, December 1, 2008

Corporate America needs Annual Email Training for every employee using email for work

A marketing executive received an e-mail from a client containing a topless photo of her. The executive and the client’s significant other shared the same first name and the first letter of their last name – and the email software filled in the rest.

Check out the “Keeping Good Company” training program at ARMA International.

Are you kidding me?

’Tis the season to be generous, but not at your company’s expense. When selling or even donating computers, make sure all information is totally and completely destroyed forever.

For example, when auditors checked computers being sold from a Kansas government surplus property office, they discovered that 10 out of 15 computers randomly sampled still had files which could be recovered with standard document recovery software. Seven of the computers contained confidential information. Some state agencies mistakenly thought another group was in charge of erasing files; others thought they had erased everything when they reformatted the hard drives.

Are you kidding me?