
The WiKID Blog

Viewing posts tagged Information Security


Continuing the discussion about Brand Damage, breach costs and The PCI security standards, TJX reported higher sales despite suffering the largest breach known. Same store sales increased 6%, higher than analysts expected. Consumer sentiment seems to confirm my contention that information security is not a key element of the TJX brand:


Turns out even if you don't have a teleworking offering for your workers, they probably do it anyway by loading their laptop up with private, unencrypted information and taking it home. At least that seems to be the case in the Federal government according to a recent study by the Telework Exchange:

The report found that 63 percent of respondents who worked from home unauthorized -- more than half of the non-teleworkers surveyed -- used their home computers in doing that work. "People were saving documents on their home computers that were unprotected," said Josh Wolfe of Utimaco, a data security company that underwrote the study.
I wonder how people get to telework if they are not authorized? I assume telework means that they are connecting via a VPN, right? Are over half of Federal employees technically able to remotely connect to their internal network, but on the honor system to not do it? Registering for the doc gets some answers. Teleworking means that you are working away from the office. That could mean on your BlackBerry. However, the point of the study stands: unsanctioned teleworking occurs:
  • 54% of non teleworkers carry files home
  • 41% of non teleworkers log onto their agency’s network from home
Holy Cow! How do people log in to their agency network if they are not allowed! And unsanctioned teleworkers are less likely to be protected from malware:
When teleworkers and nonteleworkers were asked if they had antivirus protection on their laptop or desktop computers, 94 percent of teleworkers responded yes, while only 75 percent of non-teleworkers said yes.
I think implementing two-factor authentication for remote access in federal government agencies would be a huge win - it would immediately eliminate the 41% of unauthorized users accessing the network.


Hat Tip to Valleywag for pointing out this must-read Newsweek article "Intrigue in High Places" about how the chairwoman of HP's board spied on other directors, including gaining access to the call logs of their personal cell and residential phone lines by "pretexting". (The investigators pretended to be the board members to the phone companies to get access.) The targeted board member who was the source of leaks to CNet is still on the board, but Tom Perkins of Kleiner Perkins fame resigned in protest.


The Educational Security Incidents Year in Review - 2007 is out. As Adam points out, not everyone cares that incidents were up 67.5%. I'm not sure that I would either - the total number of incidents was 139, which seems small relative to the number of colleges and universities out there. My guess is that the incidents have to make it to the news. Perhaps incidents are becoming less news-worthy.


My friend Ed Rackley has a quote from Blake in his sig line:

'A dog starv'd at his Master's gate
predicts the ruin of the State...' -- Blake
