Slashdot Mirror


Securing Personal Data in Small Companies?

lohmann asks: "I was recently paying rent in my apartment office when I noticed several of the rental agents frantically shaking a nearby keyboard. Being a geek, I intervened... and plugged the mouse back in. A barrage of performance questions ensued, so I checked their system for any issues. The results were astounding: Windows 95, no firewall, no AV software, and no backup software on a machine containing thousands of individuals' personal information (including mine). I ran some utilities and removed dozens of viruses and instances of spyware. I voiced my concerns over security issues, but was told that 'there is no budget for such things' and that 'we haven't had any trouble in the past.' Have any of you run across similar instances of small companies refusing to protect your data? What can I do to convince them to secure the network?"

26 of 90 comments

  1. IT for rent arrangement? by mind21_98 · · Score: 4, Insightful

    Maybe your landlord will take you on as a system administrator for their network in exchange for a reduction in your rent. Both of you will benefit, and you'll make sure your personal information doesn't fall in the wrong hands. :)

    1. Re:IT for rent arrangement? by bscott · · Score: 2, Interesting

      Cutting a deal? While I genuinely applaud your impulse towards finding an amicable solution via barter, I don't think you're being anywhere near cynical enough... You didn't read what he quoted them as saying: "We haven't had any trouble in the past." That's a psychology which is very, very difficult to fight against.

      If you become a victim of identity theft, it would be difficult if not impossible to trace back to negligence on the part of your landlord (or anyone else in most cases); so unless they are predisposed to worry about it, they're not going to - and they'll probably never really suffer from this attitude. Good luck trying to make a deal with them.

      Then again, I live in an area which is just about the most densely populated in the US; it's possible you might find property managers in less expensive areas who have not lost their souls and brains and might be amenable to reasoned argument. I can't count on having hot water, electricity or the hallway outside my front door to be free of homeless people (getting in via the broken security doors), so I've learned a healthy disrespect for landlords.

      --
      Perfectly Normal Industries
  2. gym by ralphus · · Score: 2, Insightful

    I once went to my gym, where they know me as the local computer geek. Obviously they have all customer information on their computer systems, including their photos and credit card numbers for billing. They were complaining that their computers had gotten slower recently and they didn't know what was going on. I said I would check it out. They didn't have a firewall, they didn't have anti-virus. What they did have was just about every virus and trojan under the sun and their little cable modem was working overtime just sending data to god knows where. I cleaned them up and installed everything they needed to get protection and clean up the mess. Small business is hopeless on a lot of occasions. It isn't their fault IMO. The vendors should be making more secure solutions for them to at least protect against all predictable threats.

    --
    Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
    1. Re:gym by flacco · · Score: 2, Funny
      I once went to my gym, where they know me as the local computer geek.

      Undoubtedly because you only went once, weighed 105 or 328 pounds, had a protruding Adam's apple and thick black-rimmed glasses, and fell off all the exercise equipment Jerry Lewis style.

      --
      pr0n - keeping monitor glass spotless since 1981.
    2. Re:gym by ralphus · · Score: 2, Funny

      All while wearing a 2600 t-shirt. :)

      --
      Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
  3. It's not just small landlords by dacarr · · Score: 2, Insightful
    The apartment complex I live at has similar problems - although our management company is the largest in Orange County, CA. All machines are running XP of some variant, however the IT department has seen fit to not restrict internet access and never did bother installing spyware proofing, AdAware, etc. Though they did install a commercial AV package. I wound up installing Spybot and AdAware on one of the boxen, and should check with the complex manager

    I think it comes down to an important thing - it's a case of general ignorance of facts, but what's scary is that it's the system administrators that seem somehow lacking this key data in some cases. I don't know if it's some bit of arrogance that comes with an MCSE or what - but it's kind of scary how that works at times.

    --
    This sig no verb.
  4. Well... by FooAtWFU · · Score: 3, Funny

    Imagine what would happen if they opened up their Rent Due spreadsheet and read something like "If you are reading this, then I could have altered the amount I owe. You need better security. Kthxbye."

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
    1. Re:Well... by toygeek · · Score: 2, Funny

      INCONCEIVABLE!

  5. sue? by Apreche · · Score: 2, Interesting

    IANAL. However it makes sense to me that maybe you can sue. If a doctor doesn't keep your medical records safe and secure, then I imagine they could be held liable. If this is true, then I assume the same can be true of an employer. If they don't keep your personal information safe and secure, then you can sue them for being negligent or some such.

    Of course, if you just want to give some convincing, give them the old risk-benefit analysis. If all our computers got hosed, how much would we lose? Then prove how likely it is and how often it happens. Then tell them the solution.

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:sue? by james11111 · · Score: 2, Informative

      Under the Data Protection Act (UK) all businesses storing personal data must be registered with the Data Commissioner, and take reasonable steps to make that data secure. If they don't, they are open to prosecution.

  6. Here's what you can do... by Spoing · · Score: 3, Insightful
    1. Find a hurricane.
    2. Step outside during the hurricane.
    3. Scream.

    You can't protect people from themselves.

    The only thing that works is mentioning that they may be liable -- they could be sued -- if they are found negligent in not doing something to protect the data they have. Usually, this makes them concerned... and they still do nothing.

    --
    A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
    1. Re:Here's what you can do... by Ubertech · · Score: 2, Funny

      For what I am about to do, I humbly apologize, and beg your forgiveness. Now then...

      Find a hurricane
      Step outside during the storm
      Scream like little girl

      The last line should, of course, be spoken with a fake Russian accent, like the one from the Rocky and Bullwinkle cartoons of the 1970s.

      --
      Be quick to listen, slow to speak, and slow to anger.
  7. Backups, A/V, firewall, and spyware by darkone · · Score: 2, Informative

    For windows boxes, there are 4 things I do/suggest to users:
    1> Backups - spend the $150 for a Maxtor OneTouch that comes with Retrospect personal. Once a week they press a button, backup done.
    2> A/V - If they don't want to spend $70 for Norton or McAfee, then for free you can try AVG ( http://www.grisoft.com/us/us_index.php )
    3> Firewall - Avoiding XP SP2's, www.zonealarm.com has a good free firewall.
    4> Spyware - AdAware does a great job detecting and removing spyware. ( www.lavasoftusa.com ) Free version requires that you run it manually once a week/month/day.

    1. Re:Backups, A/V, firewall, and spyware by binaryspiral · · Score: 2, Informative

      Spybot does not require manual operation - I have startup scripts to update itself, scan, remove, and close the app without ever showing itself to the user.

      AdAware requires commercial licenses when used on non-residential computers. Spybot does not.

      I agree AdAware is polished and more refined, but Spybot does a great job and has lots of admin-friendly programming.

    2. Re:Backups, A/V, firewall, and spyware by cyber0ne · · Score: 2, Insightful

      That's all well and good, but the problem is that the business doesn't want to bother with these things. You might as well suggest that they secure the machine by unplugging it. It'll be 100% secure, but the business isn't interested in such measures.

      He'd have better luck trying to find a precedent somewhere to show them. Maybe another small business in the area has had serious problems. I know one of the small businesses in my area absolutely refused any kind of protection because "it had never been a problem before." Then they got hit by some trojans, and hit hard. Their entire business was halted for a few days because their data couldn't be accessed. After the dust settled, their data was downright gone.

      Your suggestions are good and would help protect them (emphasis on help... someone else said it best earlier that "security is a process, not a product"), but your suggestions can't protect them from not wanting to be protected.

      --
      http://publicvoidlife.blogspot.com
  8. Re:now you got me worried. by Yaztromo · · Score: 2, Funny
    What am I to do? Will a small company (Radio shack down the street) lose my personal info? They must have asked me like 20 times...is that because they lose my info each time and have to get it again?

    Bah. Just do what I do. Every time they ask me for my name and address, I just give them yours.

    Uh, on second thought, maybe you shouldn't do what I do :).

    Yaz.

  9. You poor USians by samael · · Score: 4, Insightful

    If you lived in a reasonable part of the world then you could report them under Data Protection law. If only you didn't let your corporations run the country.

  10. I volunteered for a day at a local non-profit by quintessent · · Score: 2, Interesting

    I was helping them install some digital camera software.

    The system was running horribly slow. When I opened a web browser to Google and got a pop-up, I knew exactly what was up. Ad-aware (not to be confused with Ada-ware, which also claims to be an anti-spyware program) found about 6 different spyware apps. Once I had cleaned those off, the system ran 3 or 4 times as fast. Those apps had really clogged up its limited RAM.

    This was a fairly busy non-profit helping clients pretty much continuously throughout the day.

    1. Re:I volunteered for a day at a local non-profit by Piquan · · Score: 2, Interesting

      How do you volunteer as a sysadmin for a day? Is there some sort of clearing-house for these things, or do you know somebody at the charity, or what?

      I think it'd be great to do... using my talents to help charity in an effective manner.

    2. Re:I volunteered for a day at a local non-profit by quintessent · · Score: 2, Informative

      I found them on VolunteerMatch. They were asking for computer help. Turns out, all they really needed were data entry monkeys. But then they asked about doing a one time gig, so I went in for that.

  11. What I've seen by dtfinch · · Score: 3, Informative

    A lot of multiuser POS/Point Of Sale systems store their data on a network file share, in dBase or some other ISAM format. And on top of that, few do any sort of encryption of customer information, like credit card numbers. The result: anyone at a computer that can access the application can steal sensitive customer information and anything else with minimal effort.

    1. Re:What I've seen by simplypeachy · · Score: 2, Insightful

      How dare they use such insecure systems! Why, they could pay a few more pounds/bucks and use a password-protected MS Access database!

      </satire>
      I've seen that too. Same with back office systems. Worse, actually; some back offices have 5+ years of unencrypted credit card transactions.

  12. Wireless also a problem by Thyamine · · Score: 2, Interesting

    My friend's old complex had a similar problem. Living right next to the office and the model, he noticed one day that they had installed a wireless router, but had absolutely no security for their network. All their business information was open to any who wandered by.

    How do you address problems where the technology is getting easier to use, but where the users aren't spending the time to really learn the technology? I don't want to have to learn how to repair my car just to drive it, so can I expect much more from users who don't understand networking and security?

    --
    I will shred my adversaries. Pull their eyes out just enough to turn them towards their mewing, mutilated faces. Illyria
  13. Re:Annual safety inspection for cars. by hab136 · · Score: 2, Informative
    Two seconds with Google would tell you that.

    I did Google it:

    1. Motorola
    2. Motorola
    3. Museum of Tolerance
    4. Larz Anderson Car Museum
    5. Motorola again
    6. Motorola yet again
    7. The Ministry of Trade for Vietnam
    8. UKMOT with no explanation from Google on what that is (and thus no reason to investigate that page)
    9. Cambodia Tourism
    10. Microarray Databases

    I finally figured out that "UKMOT" is what you're talking about, but no, it wasn't obvious, even after Googling.

    Interestingly, Google UK doesn't even return UKMOT as a result on the first page. Though if you click "Pages from the UK", you get not UKMOT, but this page

    With the amount of cross-Atlantic traffic, you could've helped us Yanks (not to mention the non-native English speakers) out with at least the full name... which, even after reading their FAQ, I still don't know what MOT stands for.

    You could've also said "annual safety inspection" in the original post instead of the UK-specific "MOT".

    You're obviously trying to express information (by posting), which I applaud; you'll reach many more minds if you make your post self-explanatory, or at least provide a link.

  14. Patient records by mrph · · Score: 2, Interesting

    Working in Medical IT, I can tell you that several large vendors of systems holding patient information take next to no precautions when setting up servers. Software ships with built-in administrative accounts using default passwords, installation people use easy-to-guess root passwords and so on.

    And we're not talking about Dr. Jones down the street but enterprise-grade installations that can handle really large quantities of patient data.

  15. Talk to Your Neighbors by kmb · · Score: 2, Interesting

    See how the other people in your building feel about the situation. If enough people are pissed off, er, concerned, then you might be able to put some pressure on your landlord.

    Possible repercussions:

    1. Your toilet takes longer to get fixed.
    2. Everyone's rent goes up to pay for $300 worth of software.