T-Mobile is investigating a claim that customer data was stolen and that attempts were made to sell the information to its competitors. While data breaches unfortunately seem common, the good news from this story is that T-Mobile’s competitors apparently declined the thieves’ offer. This whole story may be hogwash, but even the idea that ethics still plays a role in the business environment is a good thing. Kudos to those companies!
ComputerWorld Article
Finally! The U.S. makes a conscious decision to consider the digital roadways that carry the information of citizens, business, and government as a “strategic national asset”. Acknowledging the importance is certainly a step, albeit a late one, in the right direction. Let there be no mistake, it’s a difficult task to defend a nation in the modern day wild west and quite frankly, as a nation we’ve been asleep at the wheel as criminal activity runs rampant across this unprotected thoroughfare.
As if it were scripted, right after the announcement of a new White House cyber security position, a document with information about our nuclear facilities was inappropriately disclosed to the public. This lends emphasis to the sad but true statement that technology doesn’t cure dumb. Never has, never will. This is why security must be built around the triad of people, process and technology. One without the others is fairly useless.
When an employee leaves a company, either voluntarily or involuntarily, the business must have the processes and procedures in place to immediately revoke access to information resources. This isn’t a new concept in the information security realm, but it is something that is often applied lackadaisically in organizations. With the cost of breaches rising, leaving doors open for potentially disgruntled ex-employees can be a costly mistake for your business. Just as you provide access to new employees, you must be ready to remove access when an employee separates.
The article snip below is a recent addition to the “should have known better” club:
The ex-employee, Dong Chul Shin, was fired from the company March 3 for performance reasons, and escorted off the premises, according to court records. But the company failed to immediately shut off his VPN access. That afternoon, someone using Shin’s account began logging onto the corporate network, e-mailing out proprietary data to a personal Yahoo account linked to Shin, and modifying and deleting files, according to a search warrant affidavit by the Dallas FBI agent Robert Smith.
Poulsen, Kevin. “Ex-Employee Fingered in Texas Power Company Hack.” WIRED 29 May 2009.
http://www.wired.com/threatlevel/2009/05/efh/
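One way to catch the gap described above is to reconcile HR separation times against VPN authentication logs. The following is an added example, not part of the original post or the cited article; the account names, log line format and HR feed are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed HR feed: account -> time the separation took effect.
SEPARATIONS = {
    "jdoe": datetime(2024, 3, 4, 11, 30),
    "asmith": datetime(2024, 3, 4, 16, 0),
}

# Constructed VPN gateway log; the line format is an assumption.
VPN_LOG = """\
2024-03-04T08:55:02 vpn-gw1 auth user=jdoe src=198.51.100.7 result=success
2024-03-04T14:12:40 vpn-gw1 auth user=jdoe src=203.0.113.25 result=success
2024-03-04T14:13:05 vpn-gw1 auth user=mlee src=198.51.100.9 result=success
2024-03-04T17:20:11 vpn-gw1 auth user=asmith src=203.0.113.80 result=failure
garbled line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure)$"
)

def post_separation_logins(separations, log_text):
    """Return VPN auth events that occur after the account's separation time.

    A success means access was never revoked (high severity); a failure means
    revocation worked but the former user is still trying (worth a look).
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        user = m["user"].lower()
        cutoff = separations.get(user)
        if cutoff is None:
            continue  # still employed, or unknown to the HR feed
        when = datetime.fromisoformat(m["ts"])
        if when <= cutoff:
            continue  # login predates the separation
        severity = "HIGH" if m["result"] == "success" else "INFO"
        findings.append((severity, user, m["src"], when.isoformat(), when - cutoff))
    return findings

if __name__ == "__main__":
    for sev, user, src, when, lag in post_separation_logins(SEPARATIONS, VPN_LOG):
        print(f"[{sev}] {user} from {src} at {when}, {lag} after separation")
```

Run on a schedule against the real HR and VPN sources, a HIGH finding means a separated account still authenticates and should be disabled at once.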