Security Zone

There is a lot to be said for establishing order in a potentially chaotic environment – regardless of whether that environment consists of screaming teenagers in a 5,000 seat arena or hundreds of savvy IT administrators managing a 5000 system server farm.

In our business, we hear a lot of horror stories about IT administrators sharing passwords to privileged accounts and systems. But even I was astonished when one of our new employees described how his previous employer enabled support personnel to easily maintain an “on-call” list.

If you heard the news about McDonalds disclosure that hackers had stolen customers’ personal data, you might have missed the scariest part of the story. Yes, it’s a nightmare for McDonalds’ customers that the email addresses, birthdates, mailing addresses and other information they gave on the McDonalds web site may now be in the hands of hackers. If you get a “special offer” from McDonalds on your birthday from now on, are you going to click on it? Course not. Bad for you. Bad for McDonalds.

It’s time for us IT security managers to do some soul-searching about our own practices for securing the computer systems that hold our organization’s financial records, customer data, intellectual property and other digital assets. If recent high-profile criminal prosecutions have taught us anything, it’s that employers’ own lax management practices are what makes these escapades possible.