“Well, I thought it was password protected.” That’s how a
colleague reacted when it was pointed out to him that his team not only had
information in a questionable place, but that the information was also
unprotected. And there were quite interesting things to read.
That dubious place was a cloud service. And it appears
that a private account has been used for that service. All this left me
completely flabbergasted. Let me explain why I feel so strongly about this.
To start with, the use of that cloud service. Is it
really too much to expect our ICT specialists to know this simple rule: no
cloud, unless? And that 'unless' is rather limited? Yes, change is coming, and
a cloud service can be very useful, but that doesn't mean you can go into the
cloud on your own.
“Ah, haven't we bought this service? No problem, we can use
my private account!” Why didn't anyone on that team shout out: “You can’t be
serious about that, can you?” Why was the person who suggested this idea not
immediately and indignantly called to order? I'll explain it as simply as
possible: use the boss's stuff for work (with some specific exceptions). If the
boss doesn't offer what you need, you can ask if it can be bought, but you
don't bring anything from home.
And then there was also information that cannot bear the
light of day. Fortunately, it wasn’t business information, but nonetheless
things that certain people know how to deal with, at the expense of our
information security.
But the goofiest thing that I heard was this: “Well,
I thought it was password protected.” You should not think it, you should
know it. Security doesn't happen by itself, folks. You have to do something
about it. Not only in bad situations, as above, but also in normal situations.
Some people don't lock their front door when they go to
run an errand. If you have a rather poor lock on your door, burglars will be inside
within 1 to 2.5 minutes. They’ll happily do that in broad daylight. A good lock
(three SKG stars in the Netherlands) extends this time to 3-5 minutes, which is
apparently long enough to deter crooks. But even if you don't lock the door, at
least you close it. And if you're not sure whether you've done that, you turn
around and check. In the digital world, we use passwords, among other things,
to protect our digital content. If you're not sure if you've protected access
to a system, check it, rather than thinking: I’ll just be fine.
Do you think this story is about you? That doesn't mean it
actually is. There have been cases where someone thought the Security (b)log
was about him, while it was based on a different (but almost identical) case.
Moreover, this is a blog, in which I can take the liberty of adding to stories,
romanticizing them or even making them up completely – although I rarely do the
latter.
If the shoe fits, wear it.
And in the big bad world…
This section contains a
selection of news articles I came across in the past week. Because the original
version of this blog post is aimed at readers in the Netherlands, it contains
some links to articles in Dutch. Where no language is indicated, the article is
in English.
- passwords of half of our ministers can be easily found online. [DUTCH]
- the responsible State Secretary responds with an obligation to regularly change passwords (which is counterproductive). [DUTCH]
- Amazon hands over video footage of Ring doorbells to the police (at least in the US) without the owner's consent.
- Doxing will become a crime if this bill passes. [DUTCH]
- the iKCheck! app will notify you when someone checks your driver's license with the Vehicle Authority. [DUTCH]
- investments are made in the cybersecurity of education. [DUTCH]
- there will also be money for increasing the cyber resilience of companies and organisations. [DUTCH]
- Mantis is the most powerful botnet to date.
- Mozilla takes action against QWACs.
- the Dutch government warns against the use of public Wi-Fi networks. [DUTCH]
- the Australian government provides tips for using social media and messaging apps.
- cyber criminals pretend to be a security company. [DUTCH]