Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


March 17, 2008
Unprotected Databases Too Tempting

Faced with all the complexities and costs of security solutions, it might be tempting for a small to medium-sized company to just look the other way when it comes to security, and to keep thinking that it's a problem for those bigger, more well-known companies. But as data breach after security attack nowadays attests, that's exactly what hackers are hoping you do.

And with the do-nothing approach to data security, hackers are not even your main problem. If the temptation and capability are there to snoop on other people's data, many employees simply find it too tempting to resist. And this is not just a problem for SMEs.

One big proponent of taking an active role in your security is Mike Rothman, who is hosting a security roundtable next week right here at ebizQ, called Threatscape 2008, where he's going to explore this subject in depth, along with many other threats critical to companies today, which you can check out right here.

A recent article at The Courier-Journal shows exactly how tempting unprotected databases can be. Employees at Milwaukee-based WE Energies, which is Wisconsin's largest utility, routinely dipped into the massive utility database. Landlords checked on tenants, friends checked up on acquaintances, girlfriends delved into the records of ex-boyfriends, and those are just the ones that got caught.

Most distressing of all is that, apparently, this is common practice with utilities. The WE Energies database included stuff you would expect, like credit card info, banking history, payment history, SS#s, address, phone, and energy usage, but also things you would never suspect, like income and medical info. Pretty much everything you'd ever want to know about a friend or enemy (or the new type of acquaintance, the frenemy), but would never dare ask.

Besides just being wrong, this sort of data dipping should be illegal, but whatever it is, it all starts with whoever is overseeing the database. Databases need to be locked up, and then database access needs to be monitored, or easy access like this can quickly spiral into easy lawsuits.

Posted by pschooff