Tagged with www , privacy
Tuesday, November 7, 2006 - Almanac Vol. 53, No. 11
Carelessness with consequences
Don’t let this happen to you; it could. Dave, a business administrator, discovered that dozens of his department’s employees’ salaries, SSNs, and performance appraisal ratings were publicly available on the Internet.
Dave was computer savvy and had been given responsibility for the department’s web accessible database. Though not an expert, he thought he knew enough to get the job done. However, in today’s complex web environment, he didnít know enough about how to protect data. Thinking a database set up on a widely used database application would be accessible only to three of his colleagues, he was shocked to find some of the data accessible by Internet-based search engines. He assumed a hacker had stolen the data.
In fact, no one had broken into the computer. Rather, while setting up the database, Dave had accidentally placed the private file in a public folder, available to anyone on the Internet. The entire file was indexed by two of the major search engines.
Two critical lessons can be learned from this situation: