CIO Symmetry: A proportional mix of news and wit for the midmarket:

Security

Apr 16 2008   4:59PM GMT

The greatest CIO threat of all time: Women and chocolate



Posted by:
CIO, Midmarket CIO, Security, Strategy for CIOs

A survey by Infosecurity Europe has found that CIOs in the midmarket may have to start preparing for the greatest threat of all time: women and a love of chocolate. InfoSec recently polled 576 office workers in the U.K. and found that 45% of women are willing to give away their password to strangers offering chocolate, as opposed to 10% of men. On the whole, however, employees are less likely this year to Nestle (Tollhouse) up with information thieves, as the number of offenders dropped from 64% to 21%.

But still, of that 21%, the vast majority is women.

These clever social engineers — you might call them the Three Musketeers of data thievery — didn’t stop at simply offering chocolate for passwords. To make the breach more damaging, these Baby Ruths of deception also asked office workers for names, dates of birth and telephone numbers. The payoff? The possibility of winning a trip to Paris which, surely, is worth a 100 Grand.

Clearly, these survey results are eliciting Snickers around the world today.

I’m amazed that so many women in the Milky Way were swayed by that sort of tomfoolery.

Just imagine the Butterfingers these people must have to let their passwords slip away.

Too much? I could keep going. I’ve got Mounds of material. Ha!

Maybe I shouldn’t be too hard on these password perps. Sometimes, at 3 p.m., with the end of the day drawing near, I’d sell my password for a delicious Toblerone.

So here’s the message to you, my midmarket CIOs: Be thankful these clever researchers didn’t offer male employees beer.

It’s also worth noting that someone actually paid money to conduct this survey. I’m not sure who the real suckers are.

Apr 9 2008   6:34PM GMT

Obama’s passport stolen = Data breach notification law



Posted by: Zach Church
CIO, Security, Midmarket CIO

So much for the technology candidate. Apparently, if I want to talk with Barack Obama’s people I need to use the old mojo wire. And then I’ll have to wait a week to hear if I will be granted an audience (though, to her credit, the receptionist at Obama’s senate office did seem to suggest the senator himself might have a minute). 

A minute, that is, to discuss his recent support for S. 495, which is Vermont Sen. Patrick Leahy’s federal data breach law. 

Obama signed on to the law, which mirrors to some extent 39 existing state laws dictating what private companies and government agencies must do in the event that they manage to lose personal data like credit card numbers and Social Security numbers. 

Or passport records. I have to assume that was the impetus for Obama latching on as a cosigner to Leahy’s bill April 1. Though there is also value in saying “A law I cosponsor…” 

Obama, along with Hillary Clinton and John McCain, learned that his own privacy was violated when employees at the U.S. State Department took a gander at his passport file earlier this year. Apparently political espionage has gone electronic, though it’s not clear yet if that’s a more effective route than brandishing flashlights in a Washington hotel.

The bill was actually introduced over a year ago, at the start of the legislative session. Leahy, a Democrat, is pushing for it along with cosponsor Arlen Specter, a Pennsylvania Republican. It is one of a variety of bills that have shown up in Congress in recent years that would create a federal data breach notification law.

Should the federal government pass a data breach notification law, it would likely trump many, if not all, of the current state laws. That could be a good thing for CIOs because right now a business that has lost personal information must comply with the law for each state where each customer resides. That’s a lot of laws to deal with, given most businesses will have customers from at least a few states. We’ll have some stories soon detailing the federal legislation, as well as some of the differences in state laws. 

In the meantime, figure that we might see a federal one soon. Leahy’s bill has gone through committee and is awaiting floor debate as scheduled by the majority leader. Even if it doesn’t happen this year, he could file it again next term. If it makes its way through Congress and Obama is sitting in the Oval Office, the bill has a good shot at becoming law. 

Oh, that “technology candidate” mention above? Turns out Obama is the only candidate for president who has an issues tab on his website about, well, technology. Doesn’t mean he’s taking the right stand. But it does imply he’s paying attention. 

That, or he thinks there are at least a handful of votes in there.