Security / Privacy Advice?
James-NSC writes "My employer is changing its policy towards employee use of social networks. I've been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking. While I was putting it together, I ended up with some miscellaneous information that pertains to security/privacy in general, for example: the emerging ATM skimming (mainly for our European employees), a reminder that email is not private, malware/drive-by in popular search results, etc. Since these topics don't directly relate to the subject I've been asked to address, I've ended up with a section titled 'While I have you...' I'm going to have the mandatory attention of every employee and I thought it would be a great opportunity to give advice on security/privacy issues across the board. As it's an opportunity that one seldom gets, I certainly want to utilize it fully. If you had the attention of an entire company with employees in the US, UK, Asia, and Australia, what security / privacy advice would you give?"
How true! IT people seem to think that if you can make security tighter, you must, even where it doesn't make a difference. I once worked at a company where IT had set things up so that you had to log into three different databases to get your work done. Each one required a different ten-character password with at least one uppercase letter, one digit and one punctuation mark, and they all expired after thirty days. Sound good? What would you say if I told you that all three databases were on the local intranet and not accessible from outside of the firewall? There was no telecommuting, so you had to be on-site to reach the servers in question. The only thing IT did with their draconian password policy was make work harder for everybody, but there was no way to make them understand that.
Good idea, but you'd have to dial it back a notch for most corporations.
Try these:
MI6 head outed on Facebook by his wife, with many details. Viewable by all of the "London" network.
http://www.mailonsunday.co.uk/news/article-1197562/MI6-chief-blows-cover-wifes-Facebook-account-reveals-family-holidays-showbiz-friends-links-David-Irving.html
Bank intern fired for lying about a family emergency, then pasting party pics of him dressed up as a fairy on Facebook:
http://valleywag.gawker.com/tech/your-privacy-is-an-illusion/bank-intern-busted-by-facebook-321802.php
Another example of being fired for putting dumb stuff on Facebook:
http://www.liquidmatrix.org/blog/2009/08/13/social-networking-fail-fail-fail/
Plenty of fail, safe for work.
Blessed are the pessimists, for they have made backups.