Remember: your security is only as good as your weakest link. Sure, everyone’s heard the expression, and everyone gets it (I don’t think I’ve met a person who didn’t understand it), but when I hear stories like that of Telecom New Zealand’s Wireline, it makes me wonder if people actually “get it.” And not following the basics will diminish the pretty good security provided by tools such as drive encryption software from AlertBoot.
Man’s Access Still Valid After Leaving Telecom
A man who worked as a customer service representative at Telecom New Zealand found out that he could still access the company’s database. He stopped working for the phone company in November, nearly two months ago.
What prompted the man to give it a try? He heard the accusations that there was a security breach at Telecom, and he decided to test whether the stories could be true. It took him some time, but he finally figured out his actual password for accessing the database. The company would not comment on this particular situation, but an anonymous interviewee who also worked at the company years ago relayed the fact that information security at the company was not top-notch when it came to restricting access.
Installing Encryption Software and Other Tools is Not the End of It
Restricting access to sensitive data is one of the most basic steps when it comes to data security. (In fact, you could say that “access restriction” is the sole purpose when it comes to data security. This is evidenced by the fact that most of the security tools out there are designed exactly with this objective in mind, be it a locked door, hiring a security guard, biometric access to computers, or the latest cryptographic tool.)
Philosophical ruminations aside, the point is that you’ve got to pay attention to who should and who shouldn’t be able to access particular information. This should-shouldn’t dynamic depends not only on who the person is and what he does, but also on when he’s doing it.
A retired cop shouldn’t have access to a police database. A former US president shouldn’t have access to the WWIII nuclear codes. A former company CEO shouldn’t have access to his former employer’s newly-formulated 5-year strategic plans. And a former service representative certainly shouldn’t have access to his former employer’s customer database. For one thing, to the detriment of the company, he could just take that access and use it as a bargaining chip for a better job with a competitor.
Data security is a never-ending battle, partly because who is permitted to access sensitive data is constantly changing. As long as attention is not paid to restricting access, data protection tools cannot maximize the safety of your data. What good is encryption, or any other data protection tool for that matter, if people other than authorized users can access protected contents?