Security: yet again it has been all over the news in the UK, as yet another ‘blunder’ is brought to the public’s attention. This time, it can’t be blamed on the government, or one of its departments or contractors.
No, this time, one of the National Banks has managed to let slip millions of people’s data. It’s blaming a third party, of course, for the error that allowed a computer, within which was a hard drive, on which was a file with millions of bank customer details (everything from account numbers, addresses, dates of birth, loans etc.), to be sold on eBay for £35 to an IT manager, who had bought it for his children.
He reported it to the bank as soon as possible, so how did the papers get hold of it then? Wouldn’t the bank be a little embarrassed??
It was reported, that the data was on a computer that had been decommissioned by the bank, sent to a third party for wiping and then redeployment either in the company or sold to a charity.
This computer was held in a secure lock-up, but somehow got onto eBay, without the company’s knowledge or consent.
Question 1. Who has keys/access?
Question 2. Whose account was the computer sold on, on eBay?
Question 3. Are they the same person?
Question 4. How quickly can they pack their desk?
Question 5. What criminal charges can we bring?
Seems straightforward to me, but is it?
This is not an isolated incident. In the last year alone we have had discs go missing in the post (cheque is in the mail, sir), a laptop stolen from a McDonalds near Whitehall (would you like petty crime with your fries), top secret documents left on a train (the terrorist now boarding at platform 3 would like any sensitive information you have), hundreds of unencrypted flash drives/memory sticks and laptops ‘go missing’, and data go AWOL in the US from the Irish DVLA.
Many of these have been attributed to faceless/nameless contractors, or in the case of the discs, a junior member of staff who didn’t know what they were doing was wrong.
Er, sending data on 25 million children, through the standard postal service doesn’t seem wrong to you??
You have to start to wonder who actually has control of, and is aware of, the practices that some of these companies/government departments have.
I don’t know about you, but we have strict guidelines for the data we have; hell, we abide by and have to be seen to be abiding by the DPA, and yet these companies and departments seem to have carte blanche on this. They can just let out a press release to say it was a contractor/junior member of staff, who will be trained better, worked with closely, contracts looked into, suspended with a thorough investigation, but nothing evident actually happens.
And these things still happen. Yeah, OK, nobody is perfect, but hey, how much brain power does it take to work out that ‘If this happens to us, it’s in the paper and we look crap’?
I know, you can never remove the ‘Stupidity Factor’, this happens in every business, you know the person, the one who sends a rude joke to a client, the one that has slight sexual or cultural overtones and wonders why they take offence.
I worked for a company where some data was taken to the client and left on a portable hard drive. Trouble was, the person that had taken it didn’t realise that his 14 year old son had been downloading porn onto it. Lots of videos and photos and not a few viruses and other nasty stuff were transferred onto the client’s network, as he was told to copy the contents, of what should have been an empty drive, onto the network and run the installation. Well, you can guess the rest; needless to say that went down really well.
Taking this incident away from the current crop of security ‘blunders’, do we really believe, as some papers would have us, that we are in danger of having our identities stolen at every turn?
Do we really think that, despite these **** ups, our personal data is being handled correctly and that we are in no danger whatsoever from criminals and identity thieves?
Is there any way that I can have Billie Piper come and give me a private viewing of Secret Diary??
Guess the first two are more probable.
Reports, reports, All you can eat
You know what really ticks me off, more than not being able to take Billie out for dinner, is when you have invested time and effort in creating a set of reports, then are asked some time later to change them, or re-write them in one case recently, but also to have other users turn around and say, ‘Oh, I took that report, changed it a bit, and now you have that new version it doesn’t match mine, what do I do now?? Can you change it for me to match yours, then make it work the way I want?’
Why not, it’s your report
That would be because it isn’t my report anymore, the moment you changed it, it stopped being mine and became yours, and your responsibility, didn’t it??
Well, does it? It still is the basic report you wrote, you still did the hard work, but they have changed it. It is no longer your pride and joy, it is a bastardised version of that report, often fiddled with by people with little knowledge, or who think they have more, which is why they did this in the first place.
Should you be responsible for fixing reports that, while they have been created using your knowledge, are so far removed from that version as to be unrecognisable, or have had things added that the report was never meant to have added?
An example for those that like these things: I wrote a report that shows comments made by users of the system, based on a code they enter to denote what the comment is about. This is linked to a status on the record; each time the user enters a new status, they are meant to update the comment.
The report I created brings out the last status entered and the last comment entered on or after the status set date.
However, it does not include, except in a hidden field, any identifiers to the client. I was asked to add some additional information on the report, which I did, and transferred a copy to all four servers; we have four offices.
I get an email to say that one person had amended my report and added more information, not what had been asked for. She now additionally wanted that information, plus a couple of tweaks I had made to make the report run quicker, so what was she to do now?
I was a little short with her. I fail to see why, if the report was not created by me, I should have to upkeep it, or keep it working. I have enough to do as it is without the added burden. Hell, if that was the case, let me have all 100+ reports currently on the system that I never use, didn’t write and have no knowledge of, and I will rewrite them all, then they are mine to manage; till then, do them yourself.
Thanks for listening, and in the words of the late great Hercules, ‘The long flowing locks, are these a bit girlie?’