Posts Tagged ‘data breach’
By now, you may have heard of the security breach at mass email marketing company Epsilon, where the names and email addresses of thousands, if not millions, of people have been stolen. The current list of companies include:
- Ameriprise Financial
- Barclays Bank
- Best Buy
- Disney Destinations
- Hilton Worldwide
- JP Morgan Chase
- Marriott International
- McKinsey Quarterly
- New York & Company
- Robert Half
- US Bank
The warning emails are starting to role in. This one from Target:
When will it become Standard Operating Procedure, and an industry standard, if you are storing customer info, to store it in an encrypted database! It can’t be that difficult!! The money you are spending on the resulting PR, could probably have been used to secure the database.
I blame, not only Epsilon, but also the companies that dealt with Epsilon for not making it a requirement that the customer info be encrypted.
Get used to it. Moving things to the “Cloud” is becoming more popular. So will the data breaches…
Company data belonging to customers of Microsoft’s hosted business suite BPOS has been accessed and downloaded by other users of the software.
Washington Post story which clearly illustrates why you need to be careful with file sharing programs like Limewire, despite the peer-to-peer (P2P) application arena having enormous potential.
Sometime late last year, an employee of a McLean investment firm decided to trade some music, or maybe a movie, with like-minded users of the online file-sharing network LimeWire while using a company computer. In doing so, he inadvertently opened the private files of his firm, Wagner Resource Group, to the public.
P2P applications like Limewire, allows you to share and swap files. Most people use it to share and download movies and music with other users. For those of you who have kids that use your computer, or their own computer on a local home network, be aware of P2P file sharing apps like Limewire. Companies should make it part of their corporate security policy to ban the installation and use of P2P apps (unless of course you have a business need). With P2P applications, such as Limewire, it’s pretty simple to, inadvertently, open up folders on your computer for sharing with the rest of the world.
And if your kids are using your computer and Limewire, you may be sharing your folders already.
In the case outlined in the Washington Post article, the McLean investment firm made two very big mistakes. One, allowing the employee to install and use Limewire. The second, not having their client information encrypted and stored in a secure location. Both of which, could have easily been avoided using simple solutions.