MoD Staff Leak Military Secrets on Facebook and Twitter
The Ministry of Defence has admitted that staff leaked secret information 16 times on social networking sites such as Facebook and Twitter over the past 18 months.
By Oliver Garnham
January 27, 2010 —
The Ministry of Defence has admitted that staff leaked secret information 16 times on social networking sites such as Facebook and Twitter over an 18-month period.
The admission comes in response to a Freedom of Information request by Lewis PR, which handles public relations for security firm F-Secure.
Lewis said the Ministry of Defence had disciplined 10 personnel, although was unable to specify individual cases.
Ministry of Defence staff aren't banned from using social networks, but Lewis pointed out that the department's code tells employees: "Remember you are a member of HM Forces/MOD civil servant. Observe the same high standard of conduct and behaviour online as would be expected of you in your professional or personal life."
However, F-Secure said the Ministry of Defence should do more to ensure the guidelines are adhered to.
"It's worrying that employees in sensitive positions have been sharing confidential information via Twitter and other means," said F-Secure's security expert Mikko Hypponen
"They might think they are confiding in friends or family when they go on Facebook. However, the recent changes in Facebook's privacy settings might make them disclose information to the world. This is a potential security risk."
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- New PCI Tokenization Guidelines with QSA Expert
- Step right up and listen to the security barker
I've gotten some interesting feedback to yesterday's post about the security evangelist title, especially from a guy who gave himself the perfect title in an industry that often feels like a circus. Sean Jackson (@shunkydave on Twitter) sent me the following tweet: "Re: Evangelist, I'm now calling myself the Security Barker to my family and friends." - Is the title 'security evangelist' really that bad?
- Teenage hackers could be our last, best hope
More Salted Hash with Bill Brenner
