Securing Personal Data in Small Companies?
lohmann asks: "I was recently paying rent in my apartment office when I noticed several of the rental agents frantically shaking a nearby keyboard. Being a geek, I intervened... and plugged the mouse back in. A barrage of performance questions ensued, so I checked their system for any issues. The results were astounding: Windows 95, no firewall, no AV software, and no backup software on a machine containing thousands of individuals' personal information (including mine). I ran some utilities and removed dozens of viruses and instances of spyware. I voiced my concerns over security issues, but was told that 'there is no budget for such things' and that 'we haven't had any trouble in the past.' Have any of you run across similar instances of small companies refusing to protect your data? What can I do to convince them to secure the network?"
IT for rent arrangement? (Score:5, Insightful)
Re:IT for rent arrangement? (Score:3, Interesting)
If you become a victim of identity theft, it would be difficult if not impossible to trace back to negligence on the part of your landlord (or anyone else in most cases); so unless they are
Re:IT 4 rent arrangement - UK data protection act (Score:2)
http://www.informationcommissioner.gov.uk/
There must be something similar in the US??!
Of course if you say "I'm going to sue you for not protecting my personal data; but you could hire me instead" then that sounds a lot like extortion.
Be careful.
pbhj
now you got me worried. (Score:2, Funny)
Help!
Re:now you got me worried. (Score:3, Funny)
Bah. Just do what I do. Everytime they ask me for my name and address, I just give them yours.
Uh, on second thought, maybe you shouldn't do what I do :).
Yaz.
Re:now you got me worried. (Score:1)
Re:now you got me worried. (Score:1)
So, now
gym (Score:3, Insightful)
Re:gym (Score:2)
IMO, businesses should be exercising due diligence and purchasing products from vendors with good security records. Yes, this may mean paying twice as much to have a local IT consultancy deliver the box and maintain it, rather than mail-ordering from Dell. And it may mean having to put in place and enforce policies such as "no casual web browsing on the computer."
I ca
Re:gym (Score:2)
If the gym bought Nautilus equipment and never maintained it, would they be held liable when it breaks?
They buy products without properly researching them or having experts install and maintain them. The vendors -- I'm guessing the OEMs, not a group that provides on-site support -- can't design products that are safe in all situations without making the products useless.
Re:gym (Score:2)
Most often yes.
However when they buy Nautilus equipment and they maintain it in line with the recommendations and it still breaks due to design flaws that the manufacturer isn't talking about and no one but industry insiders in metallurgy really understand, are they liable when it breaks?
However obvious to us all the internet security issues are, to mom and pop shops the issues are far too obscure fo
Re:gym (Score:2)
If they aren't experts in Nautilus repairs, they schedule maintenance on a reg
Re:gym (Score:1)
Annual Inspection for computers (Score:2)
Think about it - if you run a courier company, how much trouble would you be in if it was discovered that none of your vans were MOTed, and none of your drivers were licensed?
Re:Annual Inspection for computers (Score:2)
What, pray tell, is an MOT? (Aside from Motorola's stock ticker [yahoo.com])
Annual safety inspection for cars. (Score:2)
Re:Annual safety inspection for cars. (Score:1)
Re:Annual safety inspection for cars. (Score:3, Informative)
I did Google [google.com] it:
I finally figured out that "UKMOT" is what you're talking about, but no, it wasn't obvious, even after Googling.
Interestingly, Google UK [google.co.uk] doesn't even return UKMOT
Re:Annual safety inspection for cars. (Score:2)
As an American, I do try to explain my terms when speaking to an international audience (the internet). Of course, I have non-American friends, so I'm quite aware of it. On the occasion that I don't fully explain myself, and someone inquires, I try to give
OK, I could have explained the acronym. (Score:2)
Since, from what I see of cars friends of mine have imported, there does not seem to be any kind of equivalent in the US, maybe it's not a familiar term over there.
Re:OK, I could have explained the acronym. (Score:2)
It's normally just called "inspection [ncdot.org]", no special acronym. Check the headlights, emissions, horn, etc.
Are Californian cars exempt? (Score:2)
Re:Are Californian cars exempt? (Score:2)
Re:Are Californian cars exempt? (Score:2)
That is.... terrifying. (Score:2)
It's funny, the US has stringent requirements for safety for imported cars (look at the stupid rubber bumpers on late-model MGBs, for instance), but locally-produced cars are, even when in "as new" condition, too fundamentally unsafe to drive on UK roads.
Re:Annual safety inspection for cars. (Score:2)
The UKMOT page explains what the MOT test is: "The MOT is effectively the examination of a motor vehicle's safety-related systems components to ensure that they have not worn to an excessive level which would otherwise render the vehicle unsafe for use on the road."
As an American, I wouldn't have guessed "Ministry of Transportation" as we don't have Ministries here.
BTW, I searched via google w/o t
Re:Annual Inspection for computers (Score:2)
What, pray tell, is an MOT?
The MOT was the Ministry of Transport in the UK; at some point the UK started annual safety tests for cars over three years old. So the grandparent actually meant an MOT test, although it is colloquially shortened to MOT.
Re:gym (Score:3, Funny)
undoubtedly because you only went once, weighed 105 or 328 pounds, had a protruding adam's apple and thick black-rimmed glasses, and fell off all the exercise equipment jerry lewis style.
Re:gym (Score:3, Funny)
Re:gym (Score:2)
It isn't their fault IMO.
Yes, it is.
The vendors should be making more secure solutions for them to at least protect against all predictable threats.
There are. Insert standard Apple/Linux security rant here.
The fact that SOHO users like this think that they're too smart to use Macs and/or Linux is a poor business decision that they've made on their own. There are better solutions, but they aren't being used for lots of (bad) reasons. Whose fault is that? More probably, it's really the developer
Re:gym (Score:2)
Doh. Then they'd be using a never-updated RedHat 9.0 with openssh vulnerabilities and so on. Same goes for the Apple stuff. No diff.
I don't see a cure in sight - there is no change in the O/S design. Linux/Macs are not much better than Windows securitywise - architecturally[1], especially when you have users that actually do stupid stuff like _enter_ passwords to encrypted zipfiles and run the contents, even though they have been told not to (som
It's not just small landlords (Score:3, Insightful)
I think it comes down to an important thing - it's a case of general ignorance of facts, but what's scary is that it's the system administrators that seem somehow lacking this key data in some cases. I don't know if it's some bit of arrogance that comes with an MCSE or what - but it's kind of scary how that works at times.
Re:It's not just small landlords (Score:2)
It isn't just the MCSE or other such training. There are just way too many people out there who have no business being computer professionals. They haven't got a clue that they are not capable of doing the job.
Re:It's not just small landlords (Score:1)
Well... (Score:4, Funny)
Re:Well... (Score:3, Funny)
Re:Well... (Score:1)
good idea, (Score:2)
Re:good idea, (Score:2)
sue? (Score:2, Interesting)
Of course, if you just want to give some convincing give them the old risk benefit analysis. If all our computers got hosed how much would we lose? Then prove ho
Re:sue? (Score:2)
Re:sue? (Score:2)
That's just how our system works, sorry.
Re:sue? (Score:2, Informative)
Re:sue? (Score:1)
I'm unhappy so I'll sue
Here's what you can do... (Score:4, Insightful)
You can't protect people from themselves.
The only thing that works is mentioning that they may be liable -- they could be sued -- if they are found negligent in not doing something to protect the data they have. Usually, this makes them concerned...and they still do nothing.
Re:Here's what you can do... (Score:2)
If that were Haiku I would vote you Slashdrone of the Century ... :/
You are spot on though. You cannot protect people from themselves, - ask any Doctor...
Sera
Re:Here's what you can do... (Score:2, Funny)
Find a hurricane
Step outside during the storm
Scream like little girl
The last line should, of course, be spoken with a fake Russian accent, like the one from the Rocky and Bullwinkle cartoons of the 1970s.
Re:Here's what you can do... (Score:2)
I bow before your geekiness
Re:Here's what you can do... (Score:2)
The '60s, actually, and possibly even the late '50s. A truly excellent show--delicious cold war era satire disguised as a children's cartoon show.
And, just to be picky, if you're going to do it in a Boris Badenov voice it should go like this:
Find hurricane
Step outside during storm
Scream like little girl
Re:Here's what you can do... (Score:1)
I agree that your rendition of the poem fits the voice, but I kept the first 2 lines as is to protect the necessary syllables of the haiku. Given some thought, I could probably rewrite the whole thing for "Boris," but that would be silly.
Re:leave them (Score:2)
[sarcasm]Good idea. I would definitely move because their PC is unsecured. Moving is fun and it's SO easy to find alternative housing. Of course, my girlfriend really likes moving, too.[/sarcasm]
Why in the holy name of cosmic Chaos is this modded insightful??
Re:leave them (Score:1)
Re:leave them (Score:2)
Re:leave them (Score:1)
I don't know where you live, nor do I know where the poster lives, but I can assure you that such an action is laughable where I live (Boston). There's practically a waiting list for apartments. They'll have you replaced by the end of the day, probably at a higher rate, after they collect their "early lease termination fee" from you.
If you live in an area where the housing market is truly dominated by the customers, be sure to thank $DEITY every day. And never, ever le
Re:leave them (Score:2)
Of course, you can't leave that area, because you can't sell your house.
Re:laws (Score:2)
> I work in the network security industry
With friends like that, who needs enemies?
Backups, A/V, firewall, and spyware (Score:2, Informative)
1> Backups - spend the $150 for a Maxtor OneTouch that comes with Retrospect personal. Once a week they press a button, backup done.
2> A/V - If they don't want to spend $70 for Norton or McAfee, then for free you can try AVG ( http://www.grisoft.com/us/us_index.php )
3> Firewall - Avoiding XP SP2's, www.zonealarm.com has a good free firewall.
4> Spyware - AdAware does a great job detecting and removing spyware. ( www.lavasoftusa.com ) Fre
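The backup item above stops at "press a button, backup done", which is only half of what a practitioner wants: a copy you have never verified is not a backup until you know it restores. As an added example (not code from this thread or from any product named in it), here is a plain mirror backup that writes a SHA-256 manifest alongside the copies and a verify pass that re-hashes the copies against it, so a silently corrupted or missing file on the backup media is caught before the day you need it. The directory names, file names and file contents are constructed for the demo; in practice the destination would be a separate disk or removable drive.

```python
"""Mirror backup with a SHA-256 manifest and a restore check.

Added example, not from the original thread. It assumes a source
directory and a destination directory on a different disk; the sample
files below are constructed inline so the script runs offline.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src: Path, dst: Path) -> dict:
    """Copy every regular file under src to dst; return {relpath: sha256}.

    The manifest is written next to the copies so a later verify pass
    needs nothing but the backup media itself.
    """
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)          # copy2 keeps timestamps
        manifest[str(rel)] = sha256_of(path)
    (dst / "MANIFEST.sha256").write_text(
        "".join(f"{digest}  {rel}\n" for rel, digest in sorted(manifest.items()))
    )
    return manifest


def verify(dst: Path) -> list:
    """Re-hash the copies against the manifest; return a list of bad entries."""
    problems = []
    for line in (dst / "MANIFEST.sha256").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        copy = dst / rel
        if not copy.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(copy) != digest:
            problems.append(f"corrupt: {rel}")
    return problems


def demo() -> tuple:
    """Constructed run: back up two files, verify, corrupt one copy, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "tenants"
        dst = Path(tmp) / "backup"
        (src / "leases").mkdir(parents=True)
        (src / "leases" / "unit_12.txt").write_text("tenant: J. Doe\nrent: 950\n")
        (src / "notes.txt").write_text("boiler serviced 2004-03\n")
        manifest = backup(src, dst)
        clean = verify(dst)
        # Simulate bit rot or a partial overwrite on the backup media.
        (dst / "notes.txt").write_text("boiler serviced 2004-04\n")
        after = verify(dst)
        return len(manifest), clean, after


if __name__ == "__main__":
    print(demo())
```

Run `verify()` on a schedule, not just after each backup: the point is to notice media failure while the source data still exists. A manifest of hashes also gives you a cheap answer to "which files changed since the last run", which is the first question asked after a malware cleanup like the one in the original post.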
Re:Backups, A/V, firewall, and spyware (Score:2, Informative)
AdAware requires commercial licenses when used on non-residential computers. Spybot does not.
I agree AdAware is polished and more refined, but spybot does a great job and has lots of Admin friendly programming.
Re:Backups, A/V, firewall, and spyware (Score:1)
Re:Backups, A/V, firewall, and spyware (Score:2, Insightful)
He'd have better luck trying to find a precedent somewhere to show them. Maybe another small business in the area has had serious problems. I know one of the small businesses in my area absolutely refused any kind of protection because "it had never been
You poor USians (Score:5, Insightful)
Re:You poor USians (Score:2)
And yes, I do live in one of those "reasonable" parts of the world. We have a strong data protection law. On the other hand, if my rental agents commit horseshit, standard, legally defensible rental contracts here specify a 3 month notice period, 2 months deposit, and only two cancellation dates
Re:You poor USians (Score:1)
Since then I've had 12+ UCE and 10+ non-UCE email from recipients ignoring the little "CC_List" in their Cc: box.
Said company told me categorically that they didn't breach the DPA by disclosing my email address. I'd already talked to the Information Commissioner about it who said otherwise.
I did show the droid that said it wasn'
Re:You poor USians (Score:2)
Re:You poor USians (Score:2)
The UK Data Protection Act is, IMHO, one of the biggest victories for the people in UK law. It's a shame that there's no way to hold non-UK companies you deal with over the internet to the same standards.
It's also costly and annoying for businesses... but reasonably so, I think.
Re:You poor USians (Score:2)
I volunteered for a day at a local non-profit (Score:3, Interesting)
The system was running horribly slow. When I opened a web browser to Google and got a pop-up, I knew exactly what was up. Ad-aware (Not to be confused with Ada-ware, which also claims to be an anti-spyware program) found about 6 different spyware apps. Once I had cleaned those off, the system ran 3 or 4 times as fast. Those apps had really clogged up its limited RAM.
This was a fairly busy non-profit helping clients pretty much continuously throughout the day.
Re:I volunteered for a day at a local non-profit (Score:3, Interesting)
How do you volunteer as a sysadmin for a day? Is there some sort of clearing-house for these things, or do you know somebody at the charity, or what?
I think it'd be great to do... using my talents to help charity in an effective manner.
Re:I volunteered for a day at a local non-profit (Score:3, Informative)
Re:I volunteered for a day at a local non-profit (Score:2)
What I've seen (Score:4, Informative)
Re:What I've seen (Score:2, Insightful)
</satire>
I've seen that too. Same with back office systems. Worse, actually; some back offices have 5+ years of unencrypted credit card transactions
Re:What I've seen (Score:1)
Officer 1: "no, its just an Access Database, you should be able to get to it."
Officer 2: "what's the name?"
Officer 1: "something like [city] prostitution database. the password is 'hooker'"
Wireless also a problem (Score:2, Interesting)
How do you address problems where the technology is getting easier to use, but where the users aren't spending the time to really learn the technology? I don't want to have to learn how to repair my car just to drive it, so can I expect much more f
Re:Wireless also a problem (Score:1)
Patient records (Score:2, Interesting)
to no precautions when setting up servers. Software ships with built-in administrative accounts using default passwords, installation people use easy-to-guess root passwords and so on.
And we're not talking about Dr. Jones down the street but enterprise-grade installations that can handle really large quantities of patient data.
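The failure described above (a built-in administrative account shipped with a fixed password, plus installers picking guessable root passwords) is one of the few that can be audited from an inventory you already hold, without touching the systems. As an added example, not code from this thread or from any vendor it mentions, here is a small audit that parses an INI-style service-account inventory and flags vendor defaults, empty passwords, password-equals-username, dictionary passwords and short passwords. The inventory text, the service names and the default-credential table are all constructed for illustration; a real run would load the inventory from the systems themselves and a maintained default-credential list.

```python
"""Audit a service-account inventory for vendor defaults and guessable passwords.

Added example, not from the original thread. The INI text, the service
names and the default-credential table below are constructed for the
demo; they do not describe any real product.
"""
import configparser

# Constructed table of vendor defaults in the form the post describes:
# a built-in administrative account shipped with a fixed password.
VENDOR_DEFAULTS = {
    "dbserver": {("sa", ""), ("sa", "sa")},
    "ehr-app": {("admin", "admin"), ("admin", "password")},
}

# Constructed short list; a real audit would use a full wordlist.
COMMON_PASSWORDS = {"password", "123456", "letmein", "root", "toor", "changeme"}

# Constructed inventory of the kind an installer or admin might keep.
SAMPLE_INVENTORY = """\
[dbserver]
user = sa
password = sa

[ehr-app]
user = admin
password = Cl1nic!2004-Xy

[imaging-box]
user = root
password = root

[backup-host]
user = svc_backup
password = qN7#ve2LpR9$wm
"""


def password_findings(service, user, password):
    """Return the list of problems for one account (empty list = nothing flagged)."""
    findings = []
    if (user, password) in VENDOR_DEFAULTS.get(service, set()):
        findings.append("vendor default credential")
    if password == "":
        findings.append("empty password")
    if password.lower() == user.lower():
        findings.append("password equals username")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common password")
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    return findings


def audit(inventory_text):
    """Parse an INI-style inventory and map each service to its findings."""
    cp = configparser.ConfigParser()
    cp.read_string(inventory_text)
    report = {}
    for service in cp.sections():
        user = cp[service].get("user", "")
        password = cp[service].get("password", "")
        report[service] = password_findings(service, user, password)
    return report


if __name__ == "__main__":
    for service, findings in audit(SAMPLE_INVENTORY).items():
        status = "; ".join(findings) if findings else "ok"
        print(f"{service}: {status}")
```

Note that the "imaging-box" entry is not in the default-credential table and is still caught by the generic checks; the vendor table only adds certainty about which accounts shipped that way. Accounts flagged as vendor defaults should be treated as already known to anyone who has read the product manual.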
In Canada (Score:2)
They Broke The First Rule (Score:2)
I don't care if you're a client of our company or the finest I.T. geek on the planet, if I find that you, as a non-company employee, have been messing around with one of the machines under my care then the cops get called and the hard drive gets wiped.
Ed Almos
Budapest, Hungary
Re:They Broke The First Rule (Score:2)
If you answered no, then I wonder why you trust an outside contractor so very much less than your internal people.
If you answered yes, you're not very familiar with human nature.
Talk to Your Neighbors (Score:2, Interesting)
Possible repercussions:
1. Your toilet takes longer to get fixed.
2. Everyone's rent goes up to pay for $300 worth of software.
The nasty way (Score:2)
Threaten them (Score:1)
Re:Threaten them (Score:2)