IT Confidential: A Checklist For Protecting Personal Data
The incidents involving the loss of sensitive personal data are getting laughable; here's a list of dos and don'ts that your organization needs to keep in mind.
When will it end? Apparently, not until we learn the lessons of data protection. I'm referring to the continuing incidents of personal data loss: hacked data, stolen data, pretexted data, data thrown away in Dumpsters, data that falls off the back of delivery trucks, and data inadvertently--or advertently--published on Web sites where everyone and his brother can find it.
These incidents are becoming laughably commonplace, and the most recent is a real howler. On June 10, along with a $200 radar detector, a "computer backup device" was stolen out of the car of a college intern working for a state agency in Ohio. In a press release June 15, Gov. Ted Strickland said the device contained 338,634 files in 24,333 folders, which included the names and Social Security numbers of all 64,467 people employed by the state. The device also was found to contain electronic funds transfer data for school districts and local governments, as well as data on state welfare recipients and on people who hadn't cashed tax-refund or lottery checks.
I've put together the most salient lessons to be learned from this incident, and I've organized them as a checklist; feel free to tear out this page of the magazine, or print the list from the Web site, and post it prominently in your organization.
One last point. Gov. Strickland hired a local computer security company called Interhack to make recommendations regarding encryption and other policies. Is it really wise to hire a security company with the word "hack" in its name? I don't know, I'm just asking.
Is it really wise to tick off a computer security company? It's just a joke, guys, don't take it personally. Send me an industry tip or I'll take it personally, to firstname.lastname@example.org, or phone 516-562-5326.
To discuss this column with other readers, please visit John Soat's forum.
To find out more about John Soat, please visit his page.