I happen to work in Indiana in IT for a retail store and my boss and I were just discussing how to avoid a "CNN event" just like this. Hopefully this article will be the tipping edge for the upper management to give us the time and resources to be able to properly secure our network... but somehow I doubt it.
The "good news" is that these "CNN events" are pretty common, and people aren't so fazed by them any more. And the public's attention span is woefully short, so the damage won't last more than a couple of weeks from a PR standpoint. Now if there are contract penalties for a breach, that's a different story altogether.
Wow. Here in Maine 4.2 million (yes million!) credit/debit cards were compromised by Hannaford Brothers, a grocery store chain. The company knew about it for months, but never told their customers. Here's the latest news: http://pressherald.mainetoday.com/story.php?id=183060&ac=PHnws
Have HR tell you what the fines are for a HIPAA violation. Then have them tell you what is covered under HIPAA. I'm pretty sure at least some of your computers contain HIPAA protected information. Then arrange a presentation with Upper Management.
That is very good advice, thank you. Credit card numbers, customers' purchase records, addresses, telephone #, etc. are all stored on our servers or registers in one way or another and I'm sure part (if not all) falls under some part of HIPAA. Thankfully we have moved to an entirely encrypted system already so that narrows down some of our risk... but this was not always the case. It amazes me how a company/programmer/management can think that storing someone's private information in a plain text file is an ac
I happen to work in Indiana in IT for a retail store and my boss and I were just discussing how to avoid a "CNN event" just like this. Hopefully this article will be the tipping edge for the upper management to give us the time and resources to be able to properly secure our network... but somehow I doubt it.
Take a CNN story like this, edit it to show your company as the culprit including how sales dropped dramatically, set it up on a web server somewhere, fabricate a CNN-spoofing URL to access it, and use an anonymous web email account to send it to those upper level managers along with a comment saying "do you want to avoid a situation like this?".
"Nature is very un-American. Nature never hurries."
-- William George Jordan