In This Issue:
1. Editor's Note: Data Security: Out To Lunch, Er, Dinner
2. Today's Top Story: Microsoft
- Microsoft Preps IE Flaw Fix; Sites Exploiting Bug Multiply
- Microsoft Launches IE7 Bug Database
3. Breaking News
- Internal E-Mails Detail More Questionable Behavior At Morgan Stanley
- Brief: Yahoo Updates Toolbar With Tabbed Browsing For IE
- BMC Acquires Identify Software For $150 Million
- Report: Vista Delay Won't Impact PC Sales Much
- Lycos Enters VoIP Market Bundled With Goodies
- Microsoft And Eclipse: A Showdown For Ajax Leadership
- Azul Plans 48-Core Processor For 2007
- Next-Generation Vehicles: Drivers Optional
- U.S. Railroads Rolling Out High-Tech Logistics
- State And Local Governments Want To Keep The Jobs, But
Still Outsource The IT
- Spyware And Adware Continue To Plague PCs
4. Grab Bag: Skype And iPods
- Skype Sued Over Peer-To-Peer Technology (CNNMoney.com)
- Denmark Considers Separating iTunes Store From iPod (PC Pro)
5. In Depth: Mobile Commerce
- Mobile Commerce Gets Renewed Push
- Visa Expands Contactless Card Efforts
- Need An Easier Way To Spend Money? PayPal's Trying
6. Voice Of Authority
- Down To Business: The Economics Of Metro Wi-Fi
7. White Papers
- Bridging The Divide: Integrating PLM And ERP
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription
Quote of the day:
"Incompetents invariably make trouble for people other than
themselves." -- Larry McMurtry in "Lonesome Dove"
1. Editor's Note: Data Security: Out To Lunch, Er, Dinner
It was just last week that InformationWeek published the
latest exhaustive analysis of what's emerging as the IT
story of the first decade of this century: complete corporate and
government ineptitude when it comes to managing sensitive
It didn't take long for another company--Fidelity Investments--to
get a black eye for mishandling a laptop containing personal
information on 196,000 current and former employees of
Hewlett-Packard. Lest you think some poor unsuspecting Fidelity
employee was robbed of the laptop at gunpoint, or had their home
forcibly broken into and the laptop stolen, think again.
The employee in question left the laptop in a rental car while
having a three-hour dinner with colleagues, according to a story
in the Wall Street Journal
[subscription required] that included details from a police
report. At some point in the evening, the vehicle's keys were
given to a colleague to retrieve an item from the vehicle ("Here,
take my keys, don't worry about the 200,000 customer names
sitting unprotected in the car..."). The colleague, it seems,
left the vehicle unlocked, and the laptop went missing. It was
just one of 65 laptops reported stolen from restaurant parking
lots in Palo Alto, Calif., in the last 15 months.
A Fidelity spokesperson said the company takes information
security "very seriously" (can't you tell?) and that company
policy wasn't followed. Such mealy-mouthed excuses grow
increasingly tired with each of the 130-plus data breaches since
early 2005. Because companies can't seem to institute policies or
adequate technical safeguards, here are a few suggestions for
ensuring your company doesn't let incompetent third parties or
its own employees mishandle its data:
* Oftentimes, it's an outside data handler that's the cause of
the problem. In this case, the data handler forced HP to deal
with any and all issues affecting the 196,000 current and former
employees. One can only imagine the potential for lost
productivity at HP as employees figure out if their identity has
been stolen. That alone is enough to fire Fidelity, just as any
company that's the victim in such a case should consider doing if
a third party loses their data. While you're at it, fire
knuckleheaded employees that traipse around with reams of data
about their customers. If corporate policy doesn't explicitly
forbid such behavior, fire the corporate policy department.
* Companies should demand documented policies, procedures, and
safeguards from any vendor handling sensitive data on their
behalf. Ongoing audits should be used to verify compliance.
Failure to maintain compliance should result in stiff financial
penalties up to and including termination of a business
* Do away, once and for all, with the practice of storing
sensitive or private data on laptop computers, which by their
very definition are intended to be transported and are therefore
vulnerable to theft. There may be a completely valid reason that
one person needs to have personal data on 196,000 customers on
their laptop, but I doubt it.
HP was just one of three incidents last week (see the
comprehensive list since 2005 here and more gory details here),
and more may be in the offing.
The Government Accountability Office says the IRS' IT security weaknesses "increase the
risk that sensitive financial and taxpayer data will be
inadequately protected against disclosure, modification, or
loss, possibly without detection." Oh boy.
I've shared my recommendations on what companies need to do,
mostly by putting the screws to their vendors, to protect
themselves and their employee and customer data. What do you
think needs to happen next? Please weigh in at my blog entry.
Internal E-Mails Detail More Questionable Behavior At Morgan Stanley
New E-mails filed as evidence in a wrongful dismissal suit
apparently show IT executives receiving hard-to-find sports
tickets and other favors from vendors, trying to use IT spending
to lure customers for Morgan Stanley's banking business, and
trying to electronically wall off top executives from being
contacted by whistle-blowers. Morgan Stanley says the allegations
U.S. Railroads Rolling Out High-Tech Logistics
Railroad executives are trying to introduce systems that pinpoint
bottlenecks and predict traffic. The four top U.S. railroads have
said they will spend about 17% more this year than in 2005
upgrading and maintaining their networks.
Spyware And Adware Continue To Plague PCs
More businesses deploy anti-spyware apps, while efforts to
control the parasitic code are widening as watchdog groups employ
new tactics and law enforcement cracks down on suspects.
Need An Easier Way To Spend Money? PayPal's Trying
Cell phones are getting so smart, why not let them pay the bills?
That's PayPal's reasoning behind an upcoming service that will let
its customers use text messaging on their phones to make payments.
Bridging The Divide: Integrating PLM And ERP
The benefits of IBM WebSphere are available to companies of all
sizes. This brochure provides an overview of the value of using
SMARTEAM and WebSphere Business Integration Server to integrate
a company's PLM and ERP systems.