February 09, 2006

Business Disaster Planning

In my last post I was showing how easy it is for data to go astray in this wired world we live in. I got an interesting comment from dagamore about off site storage.

Since this got a little overwhelmingly long... I put the rest in the extended entry. more...

Posted by: Teresa in WebTech at 07:26 AM | Comments (2) | Add Comment
Post contains 1127 words, total size 7 kb.

February 07, 2006

New And Better Ways to Give Out Private Information

The other day I blogged here about a local paper unintentionally giving out customer information. Now we have yet another breach of confidentiality...

Patients' Confidential Information Sent To Local Bank

NewsCenter 5's Shiba Russell reported that the information, including records about patients' sexually transmitted diseases, was faxed to a Boston investment bank by mistake.

The hospital admitted that it made a blunder. The admission surfaced after the investment bank revealed that the hospital mistakenly sent the medical data of about 30 patients to the bank. The information included patients'
Social Security numbers and information about STDs.

"When I heard that I was a little shocked. At the same time, I was a little scared, too. That's not right. It's invading a patient's privacy," patient Kiran Reedy said.

The bank's finance manger told the Boston Herald that she called the hospital about 12 times to alert hospital officials about the error, but the faxes kept arriving at the bank. The bank shredded the faxes.

Now it's very likely that this was not an intentional releasing of information. I'm betting someone was faxing the info and put the wrong number into the fax machine. Then, when the bank called, the report wasn't taken seriously, whoever answered the phone decided it would only happen once and they could ignore it rather than report it and have to file incident reports.

It took the bank actually speaking out to get the hospital personel to stop what they were doing. I'm thinking someone will lose their job over this... but it won't stop the flow of information and fixing this problem will only stop this problem.

I'm sure you've all heard the old saying... Make something idiot-proof and they'll build a better idiot. This is the point of an article in Computerworld.

Creative Bungling: IT Can't Stop All Data Breaches

And here's the scarier part: Even though data security is IT's job, this isn't a problem that IT can solve.

Why not? Because non-IT employees really are creative. They're always looking for better, faster, cheaper ways of doing their jobs. That includes reusing paper from discarded printouts. And storing backups off-site at employees' homes. And, of course, taking work home on laptops.

They'll always come up with new ways of exposing data that we haven't thought of. Not on purpose; they're not trying to put customers or the business at risk. But data security and customer privacy just aren't top-of-mind for them. The gap between what concerns us (protecting data) and what they worry about (doing business) is just too great.

I would venture to add something that is not in the article... making these people believe that a data breach is a serious serious incident is a nearly impossible task.

Unless you can make employees understand how valuable the data is that they are working with and how much damage it can do if it gets into the wrong hands, they really won't care what happens to it. And even if you do succeed in pounding your message home, there are always workers who simply don't believe it will ever happen to them. These people think security precautions are nonsense and a waste of time - they just won't bother with them.

Sadly this can include anyone in the company up to the CEO. IT people can do only so much. The regular employees MUST understand that customer data is the most valuable asset the company has, and if it's lost - then the company will soon be out of business... and they will be out of a job.

I don't know what the answer is, but it is certainly the biggest hole in the system right now. All you have to do is read the internet - it doesn't take long to see that our data is not in good hands. It's rather scary.

Posted by: Teresa in WebTech at 07:17 PM | Comments (6) | Add Comment
Post contains 650 words, total size 4 kb.

Phishy IRS emails

The ever resourceful phishers are at it again.

FEBRUARY 06, 2006 (COMPUTERWORLD) - The Internal Revenue Service today confirmed that an e-mail purporting to be from the IRS is part of a scam designed to trick users into revealing their personal information, including Social Security and credit card numbers.

The subject line of the e-mail, which was received by a Computerworld reporter, reads "Refund Notice!" and claims to be from "refund@irs.gov."

A portion of the e-mail reads, "You filed your tax return and you're expecting a refund. You have just one question and you want the answer now -- Where's My Refund? Access this secure Web site to find out if the IRS received your return and whether your refund was processed and sent to you. New program enhancements allow you to begin a refund trace online if you have not received your check within 28 days from the original IRS mailing date."

One more time... what do we do when we get an email from anyone asking us for personal information? hmmm? I can't hear you! Okay - that's right - we delete it!

If you just can't help yourself and you feel compelled to respond - then get on the phone and call the company in question. Make sure you get the telephone number from somewhere other than the email that was sent to you. If you want to email the company - then please be careful - do NOT click on any links in the email itself. Go find the company using a search engine (if you don't have it bookmarked) and find an email address for customer service - forward the email to them and ask if it was sent by them.

However, 99.99% of the time - you will never ever receive an email asking you to verify information on your account. It's because of phishing scams like this.

Posted by: Teresa in WebTech at 10:14 AM | Comments (3) | Add Comment
Post contains 317 words, total size 2 kb.

February 02, 2006

Kama Sutra Friday

UPDATE: I'm putting this at the top - because it's important! (naturally or I wouldn't update at all). From Computer World:

Fake F-Secure E-mail Contains Malware

An e-mail that appears to come from antivirus software vendor F-Secure
actually contains a Trojan horse that can infect users' computer.

Repeat after me... Major security companies do NOT send out emails with attachments that will supposedly do "good" things for my computer. NEVER EVER.

Well, tomorrow is the big day... Kama Sutra Friday. What you haven't heard about it?

ATLANTA, Georgia (CNN) -- "There are a lot of people who are going to be very unhappy on the third of February," said Professor Merrick Furst from the Georgia Tech College of Computing.

That's when the Kama Sutra computer worm will begin destroying critical files on infected computers. And hundreds of thousands of machines may have the worm lurking within their Windows operating system, ready to be unleashed on February 3 and the third of every month thereafter.

Experts say Windows Office documents, Word documents, Excel spread sheets, and PDFs (portable document format) are among the files that will be "overwritten." That means the data will be changed and corrupted, and the original information will no longer be accessible.

So, if you think you might possibly have picked up this little gem - back up your files. If you can - scan your system to be sure it's okay. And let's see what the result is tomorrow. Personally I don't open these attachments when they come my way... but I'm betting there are people out there with this bug because they opened an attachment from a friend - thinking it was safe.

Posted by: Teresa in WebTech at 08:34 AM | Comments (5) | Add Comment
Post contains 281 words, total size 2 kb.

<< Page 1 of 1 >>
40kb generated in CPU 0.04, elapsed 0.0341 seconds.
70 queries taking 0.0145 seconds, 238 records returned.
Powered by Minx 1.1.6c-pink.