Opinion

Shame on the Journal

As if managing security in your enterprise isn't hard enough, The Wall Street Journal, in its August 1st article "Ten Things Your IT Department Wont Tell You"

By Bob Bragdon, Publisher, CSO

September 14, 2007CSO — As if managing security in your enterprise isn't hard enough, The Wall Street Journal, in its August 1st article "Ten Things Your IT Department Won't Tell You," outlined how employees could get around the system restrictions imposed by their IT security teams.

I will give the Journal some credit; it did point out the risks involved with sidestepping these restrictions and how to do so safely, but the fact that it feels the need to publish security workarounds really amazes me. I can just imagine the employee thinking this encourages....

1. How to send giant files. "I can't help it that these customer databases are so large," the employee thinks. "There aren't enough hours in the day for me to do the customer analyses my boss wants, so I have to bring those files home. Our stupid IT department has locked down our USB ports and won't let me send anything on e-mail larger than 2MB. Why does my boss need to know how many customers have Social Security numbers that begin with 302 anyway?"

2. How to use software that your company won't let you download. "Instant messaging software, for example? Easy. I'll just use a Web-based version of IM. What do you mean, we have to retain all our IM communications to meet e-discovery and data retention regulations? Sox⬦that's a baseball team, right?"

3. How to visit the websites your company blocks. "I can't believe my company won't let me visit that online gambling site. How else am I going to pay back my bookie? Never mind I have to get back to managing our ­customers' healthcare claims."

The Journal goes on from there—how to clear your tracks on your work laptop, how to search for your work documents from home, how to store work files online and so on.

By all accounts the staff of the Journal is very concerned over what will happen when Rupert Murdoch's News Corp. takes over. My advice to Mr. Murdoch: Pray that the Journal's staff isn't reading its own articles or you may need to bring in a crack security team to get things under control. Maybe there is a benefit for at least one CSO in all of this?

Other stories by Bob Bragdon, Publisher, CSO

$firstKeyword

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors