Telling Your Superiors Their Financial Data Is At Risk? 100
alterimage asks: "I'm a Computer Science major at night, working by day in Accounting for a major telecom provider, with clients consisting of most the entities on Fortune's Top 20 Most Admired Companies of 2006 list. Daily, I see customer payments in excess of $50,000 come and go. Strangely enough, rather than have these payments conducted by an IVR system or over the Internet, the majority of these payments are conducted over the phone with individuals such as myself, who are instructed to write down, document all the specific banking information, and to keep them on hard-copy in an unlocked file cabinet that is accessible to anyone. Having experience with social engineering and fraud, I've already advised my boss that it's probably not a good idea for those bank routing and account numbers to be laying around unsecured, and was told that I'm over-reacting. So I ask Slashdot: At what point should the human aspect of security be considered in the business environment? Should I just smile, nod, and play along in this situation?"
the plan! (Score:5, Funny)
One little implementation detail: don't get caught.
Extra credit: put the blame onto your criminally-negligent boss.
That's normal for the telecommunications industry (Score:1, Funny)
Good luck.
Trust is always a contentious point (Score:4, Funny)
This worried my boss - "What? You can access any machine's drives if you're the network administrator?".
I try and explain that yes you could; it's by design; the admin being the super-power on the network - full access to everything, etc. This leads him to the next question of "What? Even you could access even my PC? I've got sensitive information on here?!". I reply "Yes, even yours if I really wanted to".
Unimpressed, he changes the network admin password.
Precisely 1 hour and 20 minutes later; I get an email saying "User xyz can't access a file YYY on the abc share - what's the problem?". I explain the permissions on the file probably got corrupted/lost and resetting the file-system permissions for the root directory structure should flush out the problem.
He gives me the new network admin password. Problem was fixed in 2 mins.
In conclusion, us geeks rule the world. On modern IT systems, someone, must have complete power over all. That is why we are geeks because we can do what others cannot.
And it's true what they say; being a sys-admin is a power-trip.
*evil laugh*
The machines! They're all miiiine! Aaaalll mine!!!!
Tell him again.... (Score:4, Funny)
Re:let it go. your boss doesn't care, and they don (Score:2, Funny)
2. Collect names and account numbers and contact information.
3. When you leave this job one day, and you will, and when you need money, and you will, contact the account holders *directly* and offer to tell them where you got your information for a fee.
You must be new here.
There, fixed.