Friday, January 11, 2008


Outsourcing Firms: Tactics for how they steal your data?

Yesterday, I think I observed data theft from an employee of an outsourcing firm...

One of my sons is currently studying Jiu-Jitsu, and I take him to class twice a week. Many parents multitask by watching their children and bringing work from home. One parent who was sitting next to me had their laptop powered up and was doing some work. Being the inquisitive shoulder-surfer, I first noticed that, unlike my own employer's laptops, theirs didn't have any disk encryption software that provides a challenge at bootup.

The second thing I noticed while shoulder surfing was that this individual seemed to have production-quality data on their hard drive, with lots of personally identifiable information. I happened to recognize a particular name/address combination. I immediately began to think about what troubles would ensue if this laptop fell into the wrong hands.

In a quick ping to several associates who work for various outsourcing firms, it seems that many of them give their employees laptops yet haven't invested money in providing security for them. Should their clients minimally expect that consulting firms who have privileged access into their IP protect their own laptops by using full disk encryption products such as PGP, Pointsec, Utimaco, etc., or do I somehow have it twisted?

