Slashdot Mirror

← Back to Stories (view on slashdot.org)

Securing Personal Data in Small Companies?

Posted by Cliff on from the what-can-you-do? dept.

lohmann asks: "I was recently paying rent in my apartment office when I noticed several of the rental agents frantically shaking a nearby keyboard. Being a geek, I intervened... and plugged the mouse back in. A barrage of performance questions ensued, so I checked their system for any issues. The results were astounding: Windows 95, no firewall, no AV software, and no backup software on a machine containing thousands of individuals personal information (including mine). I ran some utilities and removed dozens of viruses and instances of spyware. I voiced my concerns over security issues, but was told that 'there is no budget for such things' and that 'we haven't had any trouble in the past.' Have any of you run across similar instances of small companies refusing to protect your data? What can I do to convince them to secure the network?"

7 of 90 comments (clear)

  1. IT for rent arrangement? by mind21_98 · · Score: 4, Insightful

    Maybe your landlord will take you on as a system administrator for their network in exchange for a reduction in your rent. Both of you will benefit, and you'll make sure your personal information doesn't fall in the wrong hands. :)

    --
    US businesses that currently accept chip and PIN/signature
  2. gym by ralphus · · Score: 2, Insightful

    I once went to my gym, where they know me as the local computer geek. Obviously they have all customer information on their computer systems, including their photos and credit card numbers for billing. They were complaining that their computers had gotten slower recently and they didn't know what was going on. I said I would check it out. They didn't have a firewall, they didn't have anti-virus. What they did have was just about every virus and trojan under the sun and their little cable modem was working overtime just sending data to god knows where. I cleaned them up and installed everything they needed to get protection and clean up the mess. Small business is hopeless on a lot of occasions. It isn't their fault IMO. The vendors should be making more secure solutions for them to at least protect against all predictable threats.

    --
    Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
  3. It's not just small landlords by dacarr · · Score: 2, Insightful
    The apartment complex I live at has similar problems - although our management company is the largest in Orange County, CA. All machines are running XP of some variant, however the IT department has seen fit to not restrict internet access and never did bother installing spyware proofing, AdAware, etc. Though they did install a commercial AV package. I wound up installing Spybot and AdAware on one of the boxen, and should check with the complex manager

    I think it comes down to an important thing - it's a case of general ignorance of facts, but what's scary is that it's the system adminstrators that seem somehow lacking this key data in some cases. I don't know if it's some bit of arrogance that comes with an MCSE or what - but it's kind of scary how that works at times.

    --
    This sig no verb.
  4. Here's what you can do... by Spoing · · Score: 3, Insightful
    1. Find a huricaine.
    2. Step outside during the hurricane.
    3. Scream.

    You can't protect people from themselves.

    The only thing that works is mentioning that they may be liable -- they could be sued -- if they are found neglegent in not doing something to protect the data they have. Usually, this makes them concerned...and they still do nothing.

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
  5. You poor USians by samael · · Score: 4, Insightful

    If you lived in a reasonable part of the world then you could report them under Data Protection law. If only you didn't let your corporations run the country.

    --
    My Journal
  6. Re:What I've seen by simplypeachy · · Score: 2, Insightful

    How dare they use such unsecure systems! Why, they could pay a few more pounds/bucks and use a password-protected MS Access database!

    </satire>
    I've seen that too. Same with back office systems. Worse, actually; some back officies have 5+ years of unencrypted credit card transactions

  7. Re:Backups, A/V, firewall, and spyware by cyber0ne · · Score: 2, Insightful

    That's all well and good, but the problem is that the business doesn't want to bother with these things. You might as well suggest that they secure the machine by unplugging it. It'll be 100% secure, but the business isn't interested in such measures.

    He'd have better luck trying to find a precedent somewhere to show them. Maybe another small business in the area has had serious problems. I know one of the small businesses in my area absolutely refused any kind of protection because "it had never been a problem before." Then they got hit by some trojans, and hit hard. Their entire business was halted for a few days because their data couldn't be accessed. After the dust settled, their data was downright gone.

    Your suggestions are good and would help protect them (emphasis on help... someone else said it best earlier that "security is a process, not a product"), but your suggestions can't protect them from not wanting to be protected.

    --
    http://publicvoidlife.blogspot.com