Wednesday, January 30, 2008

Georgetown University incident highlights issue of old-fashioned physical security in the workplace


A recent incident at Georgetown University, media reports of a stolen hard drive with personal information and social security numbers, highlights the need for new work habits these days. The brief story appears Jan. 30 in The Washington Post, by Susan Kinzie, "Stolen Hard Drive Had Personal Data," p B03 (Metro), link here.

It has been common for many years for people to "take work home," and in the IT age that can include laptops, diskettes, listings (as in system testing), all with real live data. Sometimes the problem occurs in the case of systems testing where companies make up test QA cases by extracting real data, and software companies ought to work on the idea of scrubbing the data randomly to fictionalize it. Even in the 1990s it was acceptable for people to have real live data at home, but the problems of consumer fraud were only beginning to be understood. (I actually had a Merrill Lynch Visa credit card of mine used for bogus phone calls from Canada on AT&T in 1995, and found out when the card was suddenly rejected in a grocery line; I got a phone call from Merrill Lynch the next day; the card was replaced and AT&T backed out the hundreds of dollars in charges, but it took a whole day of time from work.)

Telecommuting will raise issues. Companies have to decide on the security issues with employees dialing in through the Internet (in the early 1990s people often used dumb terminals taken from the office to connect to the mainframe, and this was probably safer) Now, a number of companies hire customer service agents to work from home using their own computers, and this is bound to raise a whole host of new security questions.

No comments: