[BBLISA] Most common (or Most important) privacy leaks
Paul Beltrani
spamgrinder at gmail.com
Tue Feb 17 10:41:28 EST 2015
It's tough to change that kind of behaviour. If you're at an
organization that's large enough, the internal auditors and / or legal
team can be helpful. They usually have the mandate to provide
guidance and training in that area, especially if the business is
required to comply with regulations like HIPAA or certifications like
PCI. Those regulations / certifications are also a good starting
point for what information must be protected.
If you're trying to convince the organization to make changes or
implement new tech, I'd recommend focusing on the business
perspective. e.g. "We don't want to be in the news because our
customer database was exposed. Here's how I recommend we prevent that
from happening."
-- Paul Beltrani
On Tue, Feb 17, 2015 at 8:43 AM, Edward Ned Harvey (bblisa4)
<bblisa4 at nedharvey.com> wrote:
> I see a lot of people and businesses out there, that just don't care about
> their own privacy. They email passwords to each other, W2's with salary and
> social security information, photocopies of drivers' licenses and passports
> to be used by HR to complete I-9 forms...
>
>
>
> As an IT person advising a business to be more responsible, what areas do
> you advocate securing most urgently? IT admin credentials? HR records?
> Financial records? Other stuff? Simply everything, bar none?
>
>
>
> Email is obviously a huge area of insecure information sharing. Do you also
> see a lot of people storing information that should be secured in other
> non-private services like Dropbox, Google Drive, Box, etc?
>
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
More information about the bblisa
mailing list